KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Security Fix(es):
* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)
* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{"oraclelinux": [{"lastseen": "2021-07-28T14:24:49", "description": "[1.5.3-167.el7_7.1]\n- kvm-qxl-check-release-info-object.patch [bz#1732337]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]\n- Resolves: bz#1732337\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])\n- Resolves: bz#1734748\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-04T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378"], "modified": "2019-09-04T00:00:00", "id": "ELSA-2019-2607", "href": "http://linux.oracle.com/errata/ELSA-2019-2607.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:58", "description": "[1.5.3-173.el7]\n- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]\n- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]\n- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]\n- Resolves: bz#1791560\n (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])\n[1.5.3-172.el7]\n- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961]\n- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961]\n- Resolves: bz#1771961\n (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8])\n[1.5.3-171.el7]\n- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471]\n- kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471]\n- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471]\n- kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607]\n- Resolves: bz#1638471\n ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)\n- Resolves: bz#1760607\n (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code)\n[1.5.3-170.el7]\n- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735]\n- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971]\n- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971]\n- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971]\n- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971]\n- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971]\n- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971]\n- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971]\n- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971]\n- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971]\n- kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971]\n- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791]\n- Resolves: bz#1709971\n ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm)\n- Resolves: bz#1714791\n ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm)\n- Resolves: bz#1749735\n (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7])\n[1.5.3-169.el7]\n- kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871]\n- kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871]\n- kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658]\n- Resolves: bz#1626871\n ([RFE] request for using TscInvariant feature with qemu-kvm.)\n- Resolves: bz#1706658\n ([Intel 7.8 Bug] qemu-kvm fail with 'err:kvm_init_vcpu() invalidate argumant' on ICX platform)\n[1.5.3-168.el7]\n- kvm-qxl-check-release-info-object.patch [bz#1712703]\n- kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166]\n- kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749]\n- Resolves: bz#1270166\n (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.)\n- Resolves: bz#1712703\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7])\n- Resolves: bz#1734749\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8])", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-06T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-12155", "CVE-2019-14378", "CVE-2019-15890", "CVE-2020-7039"], "modified": "2020-04-06T00:00:00", "id": "ELSA-2020-1116", "href": "http://linux.oracle.com/errata/ELSA-2020-1116.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-24T16:27:55", "description": " ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "container-tools:ol8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3403", "href": "http://linux.oracle.com/errata/ELSA-2019-3403.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:09", "description": "[1.5.3-167.el7_7.4]\n- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]\n- Resolves: bz#1755333\n ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])\n[1.5.3-167.el7_7.3]\n- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960]\n- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960]\n- Resolves: bz#1771960\n (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z])\n[1.5.3-167.el7_7.2]\n- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606]\n- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606]\n- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606]\n- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606]\n- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606]\n- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606]\n- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606]\n- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606]\n- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606]\n- kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606]\n- Resolves: bz#1730606\n ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z])", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-05T00:00:00", "id": "ELSA-2020-0366", "href": "http://linux.oracle.com/errata/ELSA-2020-0366.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-11-24T16:27:45", "description": " ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "container-tools:1.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3494", "href": "http://linux.oracle.com/errata/ELSA-2019-3494.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-11-24T16:27:49", "description": " ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-14T00:00:00", "type": "oraclelinux", "title": "virt:ol security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-9755", "CVE-2019-9824"], "modified": "2019-11-14T00:00:00", "id": "ELSA-2019-3345", "href": "http://linux.oracle.com/errata/ELSA-2019-3345.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-30T06:24:21", "description": "buildah\n[1.5-6.0.1.gite94b4f9]\n- Fixes troubles with oracle registry login [Orabug: 29937283]\n[1.5-6.gite94b4f9]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766309\ncontainernetworking-plugins\n[0.7.4-4.git9ebe139]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766315, #1766214\npodman\n[1.0.0-4.git921f98f]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766293, #1766321\nrunc\n[1.0.0-56.rc5.dev.git2abd837]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766327, #1766299\nskopeo\n[1:0.1.32-6.0.1.git1715c90]\n- Add oracle registry into the conf file [Orabug: 29845934]\n- Fix oracle registry login issues [Orabug: 29937192]\n[1:0.1.32-6.git1715c90]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1772129, #1772134\nslirp4netns\n[0.1-3.dev.gitc4e1bc5]\n- Fix CVE-2019-14378 (#1755595).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-01-03T00:00:00", "type": "oraclelinux", "title": "container-tools:1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2019-9512", "CVE-2019-9514"], "modified": "2020-01-03T00:00:00", "id": "ELSA-2019-4273", "href": "http://linux.oracle.com/errata/ELSA-2019-4273.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:26", "description": "[0.12.1.2-2.506.el6_10.6]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734747]\n- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749731]\n- kvm-tcp_emu-Fix-oob-access.patch [bz#1791558]\n- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791558]\n- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791558]\n- Resolves: bz#1734747\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-6.10.z])\n- Resolves: bz#1749731\n (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-6])\n- Resolves: bz#1791558\n (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-6.10.z])", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-10T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2019-15890", "CVE-2020-7039"], "modified": "2020-03-10T00:00:00", "id": "ELSA-2020-0775", "href": "http://linux.oracle.com/errata/ELSA-2020-0775.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:44", "description": "[15:3.1.0-7.el7]\n- qemu-img: Add --target-is-zero to convert (David Edmondson)\n[15:3.1.0-6.el7]\n- qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 30858754]\n- target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 30652327]\n- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 30807256] {CVE-2020-1711}\n- scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) (Paolo Bonzini) [Orabug: 30351703] {CVE-2019-12068}\n- lsi: use enum type for s->waiting (Sven Schnelle) {CVE-2019-12068}\n- json: Fix % handling when not interpolating (Christophe Fergeau) [Orabug: 30640103]\n- qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 30640103]\n- Fix heap overflow in ip_reass on big packet input (Samuel Thibault) [Orabug: 30229916] {CVE-2019-14378}\n- Make poll_control_msr default 1 (Mark Kanda) \n- Remove redundant check for host support of halt polling (Mark Kanda) [Orabug: 30240121]\n- Enable '-Werror' compiler flag (Mark Kanda) [Orabug: 30213025]\n- qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30729551]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-17T00:00:00", "type": "oraclelinux", "title": "qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12068", "CVE-2019-14378", "CVE-2020-1711"], "modified": "2020-03-17T00:00:00", "id": "ELSA-2020-5576", "href": "http://linux.oracle.com/errata/ELSA-2020-5576.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[0.12.1.2-2.506.el6_10.5]\n- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669066]\n- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669066]\n- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669066]\n- kvm-qxl-check-release-info-object.patch [bz#1712728]\n- kvm-net-Use-iov-helper-functions.patch [bz#1636415]\n- kvm-net-increase-buffer-size-to-accommodate-Jumbo-frame-.patch [bz#1636415]\n- kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636415]\n- kvm-net-drop-too-large-packet-early.patch [bz#1636415]\n- kvm-PATCH-slirp-fix-buffer-overrun.patch [bz#1586251]\n- kvm-Fix-build-from-previous-commit.patch [bz#1586251]\n- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586251]\n- kvm-slirp-Convert-mbufs-to-use-g_malloc-and-g_free.patch [bz#1586251]\n- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586251]\n- kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636774]\n- Resolves: bz#1586251\n (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-6.10.z])\n- Resolves: bz#1636415\n (CVE-2018-10839 qemu-kvm: Qemu: ne2000: integer overflow leads to buffer overflow issue [rhel-6])\n- Resolves: bz#1636774\n (CVE-2018-17962 qemu-kvm: Qemu: pcnet: integer overflow leads to buffer overflow [rhel-6])\n- Resolves: bz#1669066\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-6.10.z])\n- Resolves: bz#1712728\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-6])", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-09-24T00:00:00", "type": "oraclelinux", "title": "qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10839", "CVE-2018-11806", "CVE-2018-17962", "CVE-2019-12155", "CVE-2019-6778"], "modified": "2019-09-24T00:00:00", "id": "ELSA-2019-2892", "href": "http://linux.oracle.com/errata/ELSA-2019-2892.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:25", "description": "buildah\n[1.9.0-5.0.1]\n- Fixes troubles with oracle registry login [Orabug: 29937283]\n[1.9.0-5]\n- Use autosetup macro again.\n[1.9.0-4]\n- Fix CVE-2019-10214 (#1734653).\n[1.9.0-3]\n- Resolves: #1721247 - enable fips mode\n[1.9.0-2]\n- Resolves: #1720654 - tests subpackage depends on golang explicitly\n[1.9.0-1]\n- Resolves: #1720654 - rebase to v1.9.0\ncockpit-podman\n[4-1]\n- Fix regression in container commit\n- Fix AppStream ID rhbz#1734809\n[3-1]\n- Enable Commit button for running containers\n- Fix race condition with container deletion\n- Stop fetching all containers/images for each container/image event\n[2-2]\n- Fix podman dependency\n[2-1]\n- Update to upstream 2 release\n- Support podman API 1.3\n- Support running commands with arguments\n- Show the default command coming from image\n- Implement filtering of images and containers\ncontainernetworking-plugins\n[0.8.1-3.0.1]\n- Disable debuginfo\n[0.8.1-3]\n- rebuild to address CVE-2019-9514 and CVE-2019-9512\n- Resolves: #1766318, #1766217\ncontainer-selinux\n[2:2.123.0-1]\n- update to 2.123.0\n- Related: #1774382\nfuse-overlayfs\n[0.4.1-1]\n- Resolves: #1720654 - rebase to v0.4.1\n[0.3-2]\n- rebase\n- Resolves:#1666510\npodman\n[1.4.2-6.0.1]\n- Ensure patch for Oracle docker registry is applied [Orabug: 30533101]\n- delivering fix for [Orabug: 29874238] by Nikita Gerasimov \n[1.4.2-6]\n- update to 1.4.2-stable3\n- Resolves: #1770176\npython-podman-api\n[1.2.0-0.1.gitd0a45fe]\n- Initial package\nrunc\n[1.0.0-61.rc8]\n- backport patches for CVE-2019-16884 from upstream\n- Resolves: #1764182\nskopeo\n[1:0.1.37-6.0.1]\n- Ensure patch for Oracle docker registry is applied [Orabug: 30533101]\n- Add oracle registry into the conf file [Orabug: 29845934]\n- Fix oracle registry login issues [Orabug: 29937192]\n[1:0.1.37-6]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1772136, #1772131\nslirp4netns\n[0.3.0-4]\n- Fix CVE-2019-14378 (#1755595).\n[0.3.0-3]\n- Resolves: #1683217 - BR: glib2-devel\n[0.3.0-2]\n- Resolves: #1683217 - bump slirp4netns to v0.3.0\n[0.3.0-1.alpha.2.git30883b5]\n- bump to v0.3.0-alpha.2", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-01-03T00:00:00", "type": "oraclelinux", "title": "container-tools:ol8 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378", "CVE-2019-16884", "CVE-2019-9512", "CVE-2019-9514"], "modified": "2020-01-03T00:00:00", "id": "ELSA-2019-4269", "href": "http://linux.oracle.com/errata/ELSA-2019-4269.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:53", "description": "buildah\n[1.5-4.0.1.gite94b4f9]\n- Fixes troubles with oracle registry login [Orabug: 29937283]\n[1.5-4.gite94b4f9]\n- fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'\n- Resolves: #1819431\ncontainer-selinux\n[2:2.124.0-1.gitf958d0c]\n- update to 2.124.0\n- Resolves: #1816541\n[2:2.94-2.git1e99f1d]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766316, #1766215\nslirp4netns\n[0.1-5.dev.gitc4e1bc5]\n- backport fix for CVE-2020-7039\n- Resolves: #1791578\n[0.1-4.dev.gitc4e1bc5]\n- actually add CVE-2019-14378 patch to dist-git\n- Related: RHELPLAN-25139", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-13T00:00:00", "type": "oraclelinux", "title": "container-tools:1.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2019-9512", "CVE-2019-9514", "CVE-2020-10696", "CVE-2020-7039"], "modified": "2020-05-13T00:00:00", "id": "ELSA-2020-1926", "href": "http://linux.oracle.com/errata/ELSA-2020-1926.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:52", "description": "hivex\nlibguestfs\n[1:1.38.4-14.0.1]\n- Config supermin to use host yum.conf in ol8 [Orabug: 29319324]\n- Set DISTRO_ORACLE_LINUX correspeonding to ol\n[1:1.38.4-14]\n- v2v: use -T as argument of scp when copying vmx files via ssh\n resolves: rhbz#1738886\n* Fri Jun 28 2019 Danilo de Paula \n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[1:1.38.4-12]\n- v2v: update nbdkit information in documentation\n resolves: rhbz#1651115\n- v2v: use proper SELinux label for nbdkit sockets\n resolves: rhbz#1717088\nlibguestfs-winsupport\n[8.0-4]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\nlibiscsi\n[1.18.0-8]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[1.18.0-7.el8]\n- libiscsi-redhat-Remove-disable-werror-from-spec-file.patch [bz#1581025]\n- Resolves: bz#1581025\n (Remove --disable-werror from spec file)\n[-]\n- libiscsi-fix-connection-to-LUN-with-IPv6-address.patch [bz#1597942]\n- Resolves: bz#1597942\n (Qemu-kvm fails to connect to iscsi LUN by IPV6 address)\n[1.18.0-5.el8]\n- libiscsi-iser_rcv_completion-unify-error-handling.patch [bz#1634541]\n- libiscsi-iser-fix-posting-of-receive-descriptors.patch [bz#1634541]\n- libiscsi-sync-remove-unnecessary-checks.patch [bz#1634541]\n- libiscsi-do-not-warn-for-strncpy.patch [bz#1634541]\n- libiscsi-avoid-fallthrough.patch [bz#1634541]\n- libiscsi-avoid-truncation-when-logging-message-that-includes-.patch [bz#1634541]\n- Resolves: bz#1634541\n (Fix important coverity issues (libiscsi))\n[1.18.0-4.el8]\n- Fixed a build issue with the latest rdma-core\n[1.18.0-2]\n- Fix rdma deps and don't restrict archs\n- Add --disable-werror to fix gcc8 build (bz #1556044)\n- Spec file cleanups (bz #1483290)\n[1.18.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[1.18.0-1]\n- Rebased to version 1.18.0\n- Added patch to fix gcc7 warnings\n[1.15.0-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[1.15.0-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[1.15.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[1.15.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[1.15.0-1]\n- Rebased to version 1.15.0\n- Removed patch 20 as it has been upstreamed\n- Disabled patch 12 as need for revised one is in question\n- Updated patch 13 to current tree\n- New tool iscsi-perf\n[1.11.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[1.11.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.11.0-1]\n- Rebased to version 1.11.0\n- Most patches removed\n- New tool iscsi-swp + manpages\n[1.9.0-6]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[1.9.0-5]\n- Rebuild for new libgcrypt\n[1.9.0-4]\n- Cleaned up patches 18/19 to match upstream more closely\n[1.9.0-3]\n- Improved patch 18 to cover write side too\n[1.9.0-2]\n- Add patch 18 to fix QEMU's scsi-generic mode\n[1.9.0-1]\n- Rebase to 1.9.0\n- Cherry-pick selected patches from upstream\n[1.7.0-6]\n- Add patch 5 to silence strict aliasing warnings\n[1.7.0-5]\n- Add patch 4 to enable installing of iscsi-test binary\n[1.7.0-4]\n- Add patch 2 for FIPS mode\n- Add patch 3 to avoid segmentation fault on iscsi-tools\n[1.7.0-3]\n- Correct license for libiscsi-utils, prefer %global to %define\n- Add Requires\n- Remove percent-clean section\n[1.7.0-2]\n- Use percent-config for ld.so.conf.d file.\n[1.7.0-1]\n- Initial version (bug 914752)\nlibvirt\n[4.5.0-35.2.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-35.2.el8]\n- cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)\n- cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135)\n[4.5.0-35.1.el8]\n- cpu_conf: Pass policy to CPU feature filtering callbacks (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemuxml2*test: Add tests for Icelake-Server, -pconfig (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemu: Drop disabled CPU features unknown to QEMU (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- cputest: Add data for Ice Lake Server CPU (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- cpu_map: Drop pconfig from Icelake-Server CPU model (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n- qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal (rhbz#1775133, rhbz#1775134, rhbz#1775137)\n[4.5.0-35]\n- vircgroupv2: fix setting cpu.max period (rhbz#1749227)\n[4.5.0-34]\n- vircgroupv2: fix abort in VIR_AUTOFREE (rhbz#1747440)\n[4.5.0-33]\n- vircgroupv2: fix parsing multiple values in single file (rhbz#1741825)\n- vircgroupv2: fix virCgroupV2GetCpuCfsQuota for 'max' value (rhbz#1741837)\n[4.5.0-32]\n- virDomainObjListAddLocked: Produce better error message than 'Duplicate key' (rhbz#1737790)\n- virdbus: Grab a ref as long as the while loop is executed (rhbz#1741900)\n[4.5.0-31]\n- virDomainObjListAddLocked: fix double free (rhbz#1728530)\n- docs: schemas: Decouple the virtio options from each other (rhbz#1729675)\n- util: command: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434)\n- util: command: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1721434)\n- util: netdevopenvswitch: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434)\n- util: virnetdevopenvswitch: Drop an unused variable @ovs_timeout (rhbz#1721434)\n- util: netdevopenvswitch: use VIR_AUTOPTR for aggregate types (rhbz#1721434)\n- util: suppress unimportant ovs-vsctl errors when getting interface stats (rhbz#1721434)\n- virNetDevOpenvswitchInterfaceStats: Optimize for speed (rhbz#1721434)\n- test: Introduce virnetdevopenvswitchtest (rhbz#1721434)\n- vircommand: Separate mass FD closing into a function (rhbz#1721434)\n- virCommand: use procfs to learn opened FDs (rhbz#1721434)\n- util: command: Ignore bitmap errors when enumerating file descriptors to close (rhbz#1721434)\n- util: Avoid possible error in virCommandMassClose (rhbz#1721434)\n- vircgroup: fix cgroups v2 controllers detection (rhbz#1689297)\n- vircgroupv2: store enabled controllers (rhbz#1689297)\n[4.5.0-30]\n- virWaitForDevices: Drop confusing part of comment (rhbz#1710575)\n- lib: Drop UDEVSETTLE (rhbz#1710575)\n- m4: Provide default value fore UDEVADM (rhbz#1710575)\n- m4: Drop needless string checks (rhbz#1710575)\n- util: vircgroup: introduce virCgroup(Get|Set)ValueRaw (rhbz#1658890)\n- util: vircgroup: move virCgroupGetValueStr out of virCgroupGetValueForBlkDev (rhbz#1658890)\n- util: vircgroupv1: add support for BFQ blkio files (rhbz#1658890)\n- util: vircgroupv2: add support for BFQ files (rhbz#1658890)\n- Handle copying bitmaps to larger data buffers (rhbz#1703160)\n[4.5.0-29]\n- cpu: allow include files for CPU definition (rhbz#1686895)\n- cpu: fix cleanup when signature parsing fails (rhbz#1686895)\n- cpu: push more parsing logic into common code (rhbz#1686895)\n- cpu: simplify failure cleanup paths (rhbz#1686895)\n- cpu_map: Add support for arch-capabilities feature (rhbz#1693433)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1686895)\n- cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1686895)\n- cputest: Add data for Intel(R) Xeon(R) CPU E7540 (rhbz#1686895)\n- cputest: Add data for Intel(R) Xeon(R) CPU E5-2650 (rhbz#1686895)\n- cputest: Add data for Intel(R) Core(TM) i7-8700 (rhbz#1686895)\n- cpu_x86: Separate ancestor model parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate signature parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate vendor parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Separate feature list parsing from x86ModelParse (rhbz#1686895)\n- cpu_x86: Make sure CPU model names are unique in cpu_map (rhbz#1686895)\n- cpu_x86: Add x86ModelCopySignatures helper (rhbz#1686895)\n- cpu_x86: Store CPU signature in an array (rhbz#1686895)\n- cpu_x86: Allow multiple signatures for a CPU model (rhbz#1686895)\n- cpu_x86: Log decoded CPU model and signatures (rhbz#1686895)\n- qemu_capabilities: Inroduce virQEMUCapsGetCPUModelX86Data (rhbz#1686895)\n- qemu_capabilities: Introduce virQEMUCapsGetCPUModelInfo (rhbz#1686895)\n- qemu_capabilities: Use virQEMUCapsGetCPUModelInfo (rhbz#1686895)\n- cpu_x86: Add virCPUx86DataGetSignature for tests (rhbz#1686895)\n- cpu_map: Add hex representation of signatures (rhbz#1686895)\n- cputest: Test CPU signatures (rhbz#1686895)\n- cpu_map: Add more signatures for Conroe CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for Penryn CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for Nehalem CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Westmere CPU model (rhbz#1686895)\n- cpu_map: Add more signatures for SandyBridge CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for IvyBridge CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Haswell CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Broadwell CPU models (rhbz#1686895)\n- cpu_map: Add more signatures for Skylake-Client CPU models (rhbz#1686895)\n- cpu: Don't access invalid memory in virCPUx86Translate (rhbz#1686895)\n- cpu_x86: Require \n within \n in CPU map (rhbz#1697627)\n- cputest: Add data for Intel(R) Xeon(R) Platinum 8268 CPU (rhbz#1693433)\n- cpu_map: Add Cascadelake-Server CPU model (rhbz#1693433)\n- cpu_x86: Introduce virCPUx86DataItem container struct (rhbz#1697627)\n- cpu_x86: Rename virCPUx86Vendor.cpuid (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataItem variables (rhbz#1697627)\n- cpu_x86: Rename x86DataCpuidNext function (rhbz#1697627)\n- cpu_x86: Rename x86DataCpuid (rhbz#1697627)\n- cpu_x86: Rename virCPUx86CPUIDSorter (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataAddCPUIDInt (rhbz#1697627)\n- cpu_x86: Rename virCPUx86DataAddCPUID (rhbz#1697627)\n- cpu_x86: Rename virCPUx86VendorToCPUID (rhbz#1697627)\n- cpu_x86: Simplify x86DataAdd (rhbz#1697627)\n- cpu_x86: Introduce virCPUx86DataCmp (rhbz#1697627)\n- cpu_x86: Make x86cpuidSetBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidClearBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidAndBits more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidMatchMasked more general (rhbz#1697627)\n- cpu_x86: Make x86cpuidMatch more general (rhbz#1697627)\n- cpu_x86: Store virCPUx86DataItem content in union (rhbz#1697627)\n- cpu_x86: Add support for storing MSR features in CPU map (rhbz#1697627)\n- cpu_x86: Move *CheckFeature functions (rhbz#1697627)\n- cputest: Add support for MSR features to cpu-parse.sh (rhbz#1697627)\n- util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically (rhbz#1697627)\n- vircpuhost: Add support for reading MSRs (rhbz#1697627)\n- virhostcpu: Make virHostCPUGetMSR() work only on x86 (rhbz#1697627)\n- cpu_x86: Fix placement of *CheckFeature functions (rhbz#1697627)\n- cpu_conf: Introduce virCPUDefFilterFeatures (rhbz#1697627)\n- qemu_command: Use consistent syntax for CPU features (rhbz#1697627)\n- tests: Add QEMU caps data for future 4.1.0 (rhbz#1697627)\n- tests: Add domain capabilities case for QEMU 4.1.0 (rhbz#1697627)\n- qemuxml2argvtest: Add test for CPU features translation (rhbz#1697627)\n- qemu: Add APIs for translating CPU features (rhbz#1697627)\n- qemu: Probe for max-x86_64-cpu type (rhbz#1697627)\n- qemu: Probe for 'unavailable-features' CPU property (rhbz#1697627)\n- qemu: Probe host CPU after capabilities (rhbz#1697627)\n- qemu_command: Use canonical names of CPU features (rhbz#1697627)\n- qemu: Translate feature names from query-cpu-model-expansion (rhbz#1697627)\n- qemu: Don't use full CPU model expansion (rhbz#1697627)\n- qemu: Make qemuMonitorGetGuestCPU usable on x86 only (rhbz#1697627)\n- cpu: Introduce virCPUDataAddFeature (rhbz#1697627)\n- qemu: Add type filter to qemuMonitorJSONParsePropsList (rhbz#1697627)\n- util: string: Introduce macro for automatic string lists (rhbz#1697627)\n- util: json: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1697627)\n- qemu: Introduce generic qemuMonitorGetGuestCPU (rhbz#1697627)\n- qemu_process: Prefer generic qemuMonitorGetGuestCPU (rhbz#1697627)\n- util: Rework virStringListAdd (rhbz#1697627)\n- conf: Introduce virCPUDefCheckFeatures (rhbz#1697627)\n- cpu_x86: Turn virCPUx86DataIteratorInit into a function (rhbz#1697627)\n- cpu_x86: Introduce virCPUx86FeatureFilter*MSR (rhbz#1697627)\n- cpu_x86: Read CPU features from IA32_ARCH_CAPABILITIES MSR (rhbz#1697627)\n- cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features (rhbz#1697627)\n- qemu: Forbid MSR features with old QEMU (rhbz#1697627)\n- qemu: Drop MSR features from host-model with old QEMU (rhbz#1697627)\n- cpu_x86: Fix memory leak - virCPUx86GetHost (rhbz#1697627)\n- qemu: Use @tmpChr in qemuDomainDetachChrDevice to build device string (rhbz#1624204)\n- qemu: Drop 'user-' prefix for guestfwd netdev (rhbz#1624204)\n- qemu_hotplug: Attach guestfwd using netdev_add (rhbz#1624204)\n- qemu_hotplug: Detach guestfwd using netdev_del (rhbz#1624204)\n- qemuhotplugtest: Test guestfwd attach and detach (rhbz#1624204)\n- daemon: Register secret driver before storage driver (rhbz#1685151)\n- bhyve: Move autostarting of domains into bhyveStateInitialize (rhbz#1685151)\n- Revert 'virStateDriver - Separate AutoStart from Initialize' (rhbz#1685151)\n- Revert 'Separate out StateAutoStart from StateInitialize' (rhbz#1685151)\n- util: moving 'type' argument to avoid issues with mount() syscall. (rhbz#1689297)\n- util: cgroup: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1689297)\n- vircgroup: Rename structs to start with underscore (rhbz#1689297)\n- vircgroup: Introduce standard set of typedefs and use them (rhbz#1689297)\n- vircgroup: Extract file link resolving into separate function (rhbz#1689297)\n- vircgroup: Remove unused function virCgroupKill() (rhbz#1689297)\n- vircgroup: Unexport unused function virCgroupAddTaskController() (rhbz#1689297)\n- vircgroup: Unexport unused function virCgroupRemoveRecursively (rhbz#1689297)\n- vircgroup: Move function used in tests into vircgrouppriv.h (rhbz#1689297)\n- vircgroup: Remove pointless bool parameter (rhbz#1689297)\n- vircgroup: Extract mount options matching into function (rhbz#1689297)\n- vircgroup: Use virCgroupMountOptsMatchController in virCgroupDetectPlacement (rhbz#1689297)\n- vircgroup: Introduce virCgroupEnableMissingControllers (rhbz#1689297)\n- vircgroup: machinename will never be NULL (rhbz#1689297)\n- vircgroup: Remove virCgroupAddTaskController (rhbz#1689297)\n- vircgroup: Introduce virCgroupGetMemoryStat (rhbz#1689297)\n- lxc: Use virCgroupGetMemoryStat (rhbz#1689297)\n- vircgroup: fix MinGW build (rhbz#1689297)\n- vircgroup: Duplicate string before modifying (rhbz#1689297)\n- vircgroup: Extract controller detection into function (rhbz#1689297)\n- vircgroup: Extract placement validation into function (rhbz#1689297)\n- vircgroup: Split virCgroupPathOfController into two functions (rhbz#1689297)\n- vircgroup: Call virCgroupRemove inside virCgroupMakeGroup (rhbz#1689297)\n- vircgroup: Simplify if conditions in virCgroupMakeGroup (rhbz#1689297)\n- vircgroup: Remove obsolete sa_assert (rhbz#1689297)\n- tests: Resolve possible overrun (rhbz#1689297)\n- vircgroup: cleanup controllers not managed by systemd on error (rhbz#1689297)\n- vircgroup: fix bug in virCgroupEnableMissingControllers (rhbz#1689297)\n- vircgroup: rename virCgroupAdd.*Task to virCgroupAdd.*Process (rhbz#1689297)\n- vircgroup: introduce virCgroupTaskFlags (rhbz#1689297)\n- vircgroup: introduce virCgroupAddThread (rhbz#1689297)\n- vircgroupmock: cleanup unused cgroup files (rhbz#1689297)\n- vircgroupmock: rewrite cgroup fopen mocking (rhbz#1689297)\n- vircgrouptest: call virCgroupDetectMounts directly (rhbz#1689297)\n- vircgrouptest: call virCgroupNewSelf instead virCgroupDetectMounts (rhbz#1689297)\n- util: introduce vircgroupbackend files (rhbz#1689297)\n- vircgroup: introduce cgroup v1 backend files (rhbz#1689297)\n- vircgroup: extract virCgroupV1Available (rhbz#1689297)\n- vircgroup: detect available backend for cgroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1ValidateMachineGroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1CopyMounts (rhbz#1689297)\n- vircgroup: extract v1 detect functions (rhbz#1689297)\n- vircgroup: extract virCgroupV1CopyPlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1ValidatePlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1StealPlacement (rhbz#1689297)\n- vircgroup: extract virCgroupV1DetectControllers (rhbz#1689297)\n- vircgroup: extract virCgroupV1HasController (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetAnyController (rhbz#1689297)\n- vircgroup: extract virCgroupV1PathOfController (rhbz#1689297)\n- vircgroup: extract virCgroupV1MakeGroup (rhbz#1689297)\n- vircgroup: extract virCgroupV1Remove (rhbz#1689297)\n- vircgroup: extract virCgroupV1AddTask (rhbz#1689297)\n- vircgroup: extract virCgroupV1HasEmptyTasks (rhbz#1689297)\n- vircgroup: extract virCgroupV1BindMount (rhbz#1689297)\n- vircgroup: extract virCgroupV1SetOwner (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioWeight (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetBlkioIoServiced (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetBlkioIoDeviceServiced (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWeight (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadIops (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteIops (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadBps (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteBps (rhbz#1689297)\n- vircgroup: extract virCgroupV1SetMemory (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemoryStat (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemoryUsage (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)Memory*Limit (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetMemSwapUsage (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Allow|Deny)Device (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Allow|Deny)AllDevices (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuShares (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuCfsPeriod (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpuCfsQuota (rhbz#1689297)\n- vircgroup: extract virCgroupV1SupportsCpuBW (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetCpuacct*Usage (rhbz#1689297)\n- vircgroup: extract virCgroupV1GetCpuacctStat (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)FreezerState (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetMems (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetMemoryMigrate (rhbz#1689297)\n- vircgroup: extract virCgroupV1(Set|Get)CpusetCpus (rhbz#1689297)\n- vircgroup: rename virCgroupController into virCgroupV1Controller (rhbz#1689297)\n- vircgroup: rename controllers to legacy (rhbz#1689297)\n- vircgroup: remove VIR_CGROUP_SUPPORTED (rhbz#1689297)\n- vircgroup: include system headers only on linux (rhbz#1689297)\n- vircgroupv1: fix build on non-linux OSes (rhbz#1689297)\n- Revert 'vircgroup: cleanup controllers not managed by systemd on error' (rhbz#1689297)\n- util: introduce cgroup v2 files (rhbz#1689297)\n- vircgroup: introduce virCgroupV2Available (rhbz#1689297)\n- vircgroup: introduce virCgroupV2ValidateMachineGroup (rhbz#1689297)\n- vircgroup: introduce virCgroupV2CopyMounts (rhbz#1689297)\n- vircgroup: introduce virCgroupV2CopyPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectMounts (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2ValidatePlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2StealPlacement (rhbz#1689297)\n- vircgroup: introduce virCgroupV2DetectControllers (rhbz#1689297)\n- vircgroup: introduce virCgroupV2HasController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetAnyController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2PathOfController (rhbz#1689297)\n- vircgroup: introduce virCgroupV2MakeGroup (rhbz#1689297)\n- vircgroup: introduce virCgroupV2Remove (rhbz#1689297)\n- vircgroup: introduce virCgroupV2AddTask (rhbz#1689297)\n- vircgroup: introduce virCgroupV2HasEmptyTasks (rhbz#1689297)\n- vircgroup: introduce virCgroupV2BindMount (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SetOwner (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioWeight (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetBlkioIoServiced (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetBlkioIoDeviceServiced (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWeight (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadIops (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteIops (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadBps (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteBps (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SetMemory (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemoryStat (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemoryUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemoryHardLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemorySoftLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)MemSwapHardLimit (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetMemSwapUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuShares (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuCfsPeriod (rhbz#1689297)\n- vircgroup: introduce virCgroupV2(Set|Get)CpuCfsQuota (rhbz#1689297)\n- vircgroup: introduce virCgroupV2SupportsCpuBW (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetCpuacctUsage (rhbz#1689297)\n- vircgroup: introduce virCgroupV2GetCpuacctStat (rhbz#1689297)\n- vircgroup: register cgroup v2 backend (rhbz#1689297)\n- vircgroup: add support for hybrid configuration (rhbz#1689297)\n- vircgroupmock: change cgroup prefix (rhbz#1689297)\n- vircgroupmock: add support to test cgroup v2 (rhbz#1689297)\n- vircgrouptest: introduce initFakeFS and cleanupFakeFS helpers (rhbz#1689297)\n- vircgrouptest: prepare testCgroupDetectMounts for cgroup v2 (rhbz#1689297)\n- vircgrouptest: add detect mounts test for cgroup v2 (rhbz#1689297)\n- vircgrouptest: add detect mounts test for hybrid cgroups (rhbz#1689297)\n- vircgrouptest: prepare validateCgroup for cgroupv2 (rhbz#1689297)\n- vircgrouptest: add cgroup v2 tests (rhbz#1689297)\n- vircgrouptest: add hybrid tests (rhbz#1689297)\n- virt-host-validate: rewrite cgroup detection to use util/vircgroup (rhbz#1689297)\n- virt-host-validate: require freezer for LXC (rhbz#1689297)\n- virt-host-validate: Fix build on non-Linux (rhbz#1689297)\n- tests: Use correct function name in error path (rhbz#1689297)\n- util: Fix virCgroupGetMemoryStat (rhbz#1689297)\n- tests: Augment vcgrouptest to add virCgroupGetMemoryStat (rhbz#1689297)\n- vircgroup: introduce virCgroupKillRecursiveCB (rhbz#1689297)\n- vircgroupv2: fix virCgroupV2ValidateMachineGroup (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetMems (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate (rhbz#1689297)\n- util: implement virCgroupV2(Set|Get)CpusetCpus (rhbz#1689297)\n- util: enable cgroups v2 cpuset controller for threads (rhbz#1689297)\n- util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB (rhbz#1689297)\n- internal: introduce a family of NULLSTR macros (rhbz#1689297)\n- util: vircgroup: improve controller detection (rhbz#1689297)\n- util: vircgroupv2: use any controller to create thread directory (rhbz#1689297)\n- util: vircgroupv2: enable CPU controller only if it's available (rhbz#1689297)\n- util: vircgroupv2: separate return values of virCgroupV2EnableController (rhbz#1689297)\n- util: vircgroupv2: don't error out if enabling controller fails (rhbz#1689297)\n- util: vircgroupv2: mark only requested controllers as available (rhbz#1689297)\n- Revert 'util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB' (rhbz#1689297)\n- util: vircgroupv2: stop enabling missing controllers with systemd (rhbz#1689297)\n[4.5.0-28]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[4.5.0-27]\n- RHEL: spec: Disable gluster on i686 (rhbz#1722668)\n- rpc: virnetlibsshsession: update deprecated functions (rhbz#1722735)\n[4.5.0-26]\n- api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161)\n- api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166)\n- api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167)\n- api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168)\n[4.5.0-25]\n- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)\n- locking: restrict sockets to mode 0600 (CVE-2019-10132)\n- logging: restrict sockets to mode 0600 (CVE-2019-10132)\n- util: skip RDMA detection for non-PCI network devices (rhbz#1693299)\n- virfile: Detect ceph as shared FS (rhbz#1698133)\n- virfile: added GPFS as shared fs (rhbz#1698133)\n- util: bitmap: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1716943)\n- qemu: Rework setting process affinity (rhbz#1716943)\n- qemu: Set up EMULATOR thread and cpuset.mems before exec()-ing qemu (rhbz#1716943)\n- conf: Add definitions for 'uid' and 'fid' PCI address attributes (rhbz#1508149)\n- qemu: Introduce zPCI capability (rhbz#1508149)\n- qemu: Enable PCI multi bus for S390 guests (rhbz#1508149)\n- conf: Introduce extension flag and zPCI member for PCI address (rhbz#1508149)\n- conf: Introduce address caching for PCI extensions (rhbz#1508149)\n- qemu: Auto add pci-root for s390/s390x guests (rhbz#1508149)\n- conf: use virXMLFormatElement() in virDomainDeviceInfoFormat() (rhbz#1508149)\n- conf: Introduce parser, formatter for uid and fid (rhbz#1508149)\n- qemu: Add zPCI address definition check (rhbz#1508149)\n- conf: Allocate/release 'uid' and 'fid' in PCI address (rhbz#1508149)\n- qemu: Generate and use zPCI device in QEMU command line (rhbz#1508149)\n- qemu: Add hotpluging support for PCI devices on S390 guests (rhbz#1508149)\n- qemuDomainRemoveRNGDevice: Remove associated chardev too (rhbz#1508149)\n- qemu_hotplug: remove erroneous call to qemuDomainDetachExtensionDevice() (rhbz#1508149)\n- qemu_hotplug: remove another erroneous qemuDomainDetachExtensionDevice() call (rhbz#1508149)\n- util: Propagate numad failures correctly (rhbz#1716907)\n- util: Introduce virBitmapUnion() (rhbz#1716908)\n- util: Introduce virNumaNodesetToCPUset() (rhbz#1716908)\n- qemu: Fix qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Fix leak in qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Drop cleanup label from qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity() (rhbz#1716908)\n- qemuBuildMemoryBackendProps: Pass @priv instead of its individual members (rhbz#1624223)\n- qemu: Don't use -mem-prealloc among with .prealloc=yes (rhbz#1624223)\n- nwfilter: fix adding std MAC and IP values to filter binding (rhbz#1691356)\n- qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error (rhbz#1658112)\n- qemu_security: Fully implement qemuSecurityDomainSetPathLabel (rhbz#1658112)\n- qemu: process: SEV: Assume libDir to be the directory to create files in (rhbz#1658112)\n- qemu: process: SEV: Relabel guest owner's SEV files created before start (rhbz#1658112)\n[4.5.0-24]\n- tests: qemuxml2argv: add CAPS_ARCH_LATEST macro (rhbz#1698855)\n- qemu: Add ccw support for vhost-vsock (rhbz#1698855)\n- qemu: Allow creating ppc64 guests with graphics and no USB mouse (rhbz#1683681)\n- conf: Expose virDomainSCSIDriveAddressIsUsed (rhbz#1692354)\n- qemuhotplugtest: Don't plug a SCSI disk at unit 7 (rhbz#1692354)\n- qemu_hotplug: Check for duplicate drive addresses (rhbz#1692354)\n- cpu_map: Add support for cldemote CPU feature (rhbz#1537731)\n- util: alloc: add macros for implementing automatic cleanup functionality (rhbz#1505998)\n- qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64 (rhbz#1505998)\n- qemu_domain: add a PPC64 memLockLimit helper (rhbz#1505998)\n- qemu_domain: NVLink2 bridge detection function for PPC64 (rhbz#1505998)\n- PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough (rhbz#1505998)\n- cpu_x86: Do not cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- qemu: Don't cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130)\n[4.5.0-23]\n- network: explicitly allow icmp/icmpv6 in libvirt zonefile (rhbz#1650320)\n[4.5.0-22]\n- util: fix memory leak in virFirewallDInterfaceSetZone() (rhbz#1650320)\n[4.5.0-21]\n- docs: Drop /dev/net/tun from the list of shared devices (rhbz#1665400)\n- qemu: conf: Remove /dev/sev from the default cgroup device acl list (rhbz#1665400)\n- qemu: cgroup: Expose /dev/sev/ only to domains that require SEV (rhbz#1665400)\n- qemu: domain: Add /dev/sev into the domain mount namespace selectively (rhbz#1665400)\n- security: dac: Relabel /dev/sev in the namespace (rhbz#1665400)\n- qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues (rhbz#1665400)\n- qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root (rhbz#1665400)\n- Revert 'RHEL: Require firewalld-filesystem for firewalld rpm macros' (rhbz#1650320)\n- Revert 'RHEL: network: regain guest network connectivity after firewalld switch to nftables' (rhbz#1650320)\n- configure: change HAVE_FIREWALLD to WITH_FIREWALLD (rhbz#1650320)\n- util: move all firewalld-specific stuff into its own files (rhbz#1650320)\n- util: new virFirewallD APIs + docs (rhbz#1650320)\n- configure: selectively install a firewalld 'libvirt' zone (rhbz#1650320)\n- network: set firewalld zone of bridges to 'libvirt' zone when appropriate (rhbz#1650320)\n- network: allow configuring firewalld zone for virtual network bridge device (rhbz#1650320)\n- util: remove test code accidentally committed to virFirewallDZoneExists (rhbz#1650320)\n- qemu: command: Don't skip 'readonly' and throttling info for empty drive (rhbz#1670337)\n[4.5.0-20]\n- RHEL: qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669424)\n[4.5.0-19]\n- qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1666605)\n- tests: qemuxml2argv: Add test case for empty CDROM with cache mode (rhbz#1553255)\n- qemu: command: Don't format image properties for empty -drive (rhbz#1553255)\n[4.5.0-18]\n- conf: correct false boot order error during domain parse (rhbz#1630393)\n- qemu: Remove duplicated qemuAgentCheckError (rhbz#1665000)\n- qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1665000)\n- qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665244)\n- util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback() (rhbz#1583131)\n- util: add a function to insert new interfaces to IPv6CheckForwarding list (rhbz#1583131)\n- util: use nlmsg_find_attr() instead of an open-coded loop (rhbz#1583131)\n- util: check accept_ra for all nexthop interfaces of multipath routes (rhbz#1583131)\n- util: make forgotten changes suggested during review of commit d40b820c (rhbz#1583131)\n[4.5.0-17]\n- virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1659048)\n- RHEL: qemu: Add ability to set sgio values for hostdev (rhbz#1582424)\n- RHEL: qemu: Add check for unpriv sgio for SCSI generic host device (rhbz#1582424)\n- qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656362)\n- qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656362)\n[4.5.0-16]\n- util: Don't overflow in virRandomBits (rhbz#1655586)\n- virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1655586)\n- spec: remove libcgroup and cgconfig (rhbz#1602407)\n- qemu: Drop duplicated code from qemuDomainDefValidateFeatures() (rhbz#1647822)\n- tests: Add capabilities data for QEMU 3.1.0 on ppc64 (rhbz#1647822)\n- qemu: Introduce QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV (rhbz#1647822)\n- conf: Parse and format nested-hv feature (rhbz#1647822)\n- qemu: Format nested-hv feature on the command line (rhbz#1647822)\n- qemu: Add check for whether KVM nesting is enabled (rhbz#1645139)\n- secret: Add check/validation for correct usage when LookupByUUID (rhbz#1656255)\n- cpu: Add support for 'stibp' x86_64 feature (rhbz#1655032)\n[4.5.0-15]\n- virfile: Take symlink into account in virFileIsSharedFixFUSE (rhbz#1634782)\n- qemu: Ignore nwfilter binding instantiation issues during reconnect (rhbz#1648544)\n- qemu: Set identity for the reconnect all thread (rhbz#1648546)\n- Revert 'access: Modify the VIR_ERR_ACCESS_DENIED to include driverName' (rhbz#1631608)\n- access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608)\n- qemu: add vfio-ap capability (rhbz#1508146)\n- qemu: vfio-ap device support (rhbz#1508146)\n- qemu: Extract MDEV VFIO PCI validation code into a separate helper (rhbz#1508146)\n- conf: Move VFIO AP validation from post parse to QEMU validation code (rhbz#1508146)\n- qemu: Fix post-copy migration on the source (rhbz#1649169)\n[4.5.0-14]\n- storage: Remove secretPath from _virStorageBackendQemuImgInfo (rhbz#1645459)\n- storage: Allow for inputvol to have any format for encryption (rhbz#1645459)\n- storage: Allow inputvol to be encrypted (rhbz#1645459)\n- access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608)\n- docs: Enhance polkit documentation to describe secondary connection (rhbz#1631608)\n- qemu: Don't ignore resume events (rhbz#1634758, rhbz#1643338)\n[4.5.0-13]\n- Revert 'spec: Temporarily drop gluster support' (rhbz#1599339)\n[4.5.0-12]\n- RHEL: Require firewalld-filesystem for firewalld rpm macros (rhbz#1639932)\n[4.5.0-11]\n- virfile: fix cast-align error (rhbz#1634782)\n- virfiletest: Fix test name prefix for virFileInData test (rhbz#1634782)\n- virfiletst: Test virFileIsSharedFS (rhbz#1634782)\n- virFileIsSharedFSType: Detect direct mount points (rhbz#1634782)\n- virfile: Rework virFileIsSharedFixFUSE (rhbz#1634782)\n- RHEL: network: regain guest network connectivity after firewalld switch to nftables (rhbz#1638864)\n[4.5.0-10]\n- conf: Fix check for chardev source path (rhbz#1609723)\n- tests: Reuse qemucapabilities data for qemucaps2xml (rhbz#1629862)\n- tests: Add more tests to qemucaps2xml (rhbz#1629862)\n- qemu: Drop QEMU_CAPS_ENABLE_KVM (rhbz#1629862)\n- qemu: Avoid probing non-native binaries all the time (rhbz#1629862)\n- qemu: Clarify QEMU_CAPS_KVM (rhbz#1629862)\n- qemu: Don't check for /dev/kvm presence (rhbz#1629862)\n- tests: Follow up on qemucaps2xmldata rename (rhbz#1629862)\n- security: dac: also label listen UNIX sockets (rhbz#1634775)\n- spec: Set correct TLS priority (rhbz#1632269)\n- spec: Build ceph and gluster support everywhere (rhbz#1599546)\n- virsh: Require explicit --domain for domxml-to-native (rhbz#1634769)\n- virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1634782)\n- qemu: fix up permissions for pre-created UNIX sockets (rhbz#1634775)\n- cpu_map: Add features for Icelake CPUs (rhbz#1527657, rhbz#1526625)\n- cpu_map: Add Icelake CPU models (rhbz#1526625)\n- qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT (rhbz#1634758)\n- qemu: Report more appropriate running reasons (rhbz#1634758)\n- qemu: Pass running reason to RESUME event handler (rhbz#1634758)\n- qemu: Map running reason to resume event detail (rhbz#1634758)\n- qemu: Avoid duplicate resume events and state changes (rhbz#1634758)\n- conf: qemu: add support for Hyper-V frequency MSRs (rhbz#1589702)\n- conf: qemu: add support for Hyper-V reenlightenment notifications (rhbz#1589702)\n- conf: qemu: add support for Hyper-V PV TLB flush (rhbz#1589702)\n[4.5.0-9]\n- RHEL: Fix virConnectGetMaxVcpus output (rhbz#1582222)\n- storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1622534)\n- access: Fix nwfilter-binding ACL access API name generation (rhbz#1622540)\n- conf: Add validation of input devices (rhbz#1591240)\n- tests: qemu: Remove disk from graphics-vnc-tls (rhbz#1598167)\n- tests: qemu: test more versions for graphics-vnc-tls (rhbz#1598167)\n- qemu: vnc: switch to tls-creds-x509 (rhbz#1598167)\n- qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624740)\n- virDomainDefCompatibleDevice: Relax alias change check (rhbz#1603133)\n- virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1603133)\n- virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623158)\n- RHEL: spec: Require python3-devel on RHEL-8 (rhbz#1518446)\n- qemu: monitor: Remove qemuMonitorJSONExtractCPUArchInfo wrapper (rhbz#1598829)\n- qemu: monitor: Use 'target' instead of 'arch' in reply of 'query-cpus-fast' (rhbz#1598829)\n[4.5.0-8]\n- tests: Add missing thread_siblings_list files (rhbz#1608479)\n- util: Rewrite virHostCPUCountThreadSiblings() (rhbz#1608479)\n- utils: Remove arbitrary limit on socket_id/core_id (rhbz#1608479)\n- tests: Add linux-high-ids test (rhbz#1608479)\n- qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618680)\n- tests: rename hugepages to hugepages-default (rhbz#1615461)\n- tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1615461)\n- tests: rename hugepages-numa into hugepages-numa-default (rhbz#1615461)\n- tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1615461)\n- tests: extract pages-discard out of hugepages-pages (rhbz#1615461)\n- tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1615461)\n- tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1615461)\n- tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1615461)\n- tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1615461)\n- tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1615461)\n- tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1615461)\n- tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1615461)\n- tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1615461)\n- tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1615461)\n- tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1615461)\n- tests: introduce hugepages-nodeset (rhbz#1615461)\n- conf: Move hugepage XML validation check out of qemu_command (rhbz#1615461)\n- conf: Move hugepages validation out of XML parser (rhbz#1615461)\n- conf: Introduce virDomainDefPostParseMemtune (rhbz#1615461)\n- tests: sev: Test launch-security with specific QEMU version (rhbz#1619150)\n- qemu: Fix probing of AMD SEV support (rhbz#1619150)\n- qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1619150)\n- conf: Parse guestfwd channel device info again (rhbz#1610072)\n[4.5.0-7]\n- qemu_migration: Avoid writing to freed memory (rhbz#1615854)\n[4.5.0-6]\n- qemu: Exempt video model 'none' from getting a PCI address on Q35\n- conf: Fix a error msg typo in virDomainVideoDefValidate\n[4.5.0-5]\n- esx storage: Fix typo lsilogic -> lsiLogic\n- networkGetDHCPLeases: Don't always report error if unable to read leases file\n- nwfilter: Resolve SEGV for NWFilter Snoop processing\n- qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs\n- qemuDomainSaveMemory: Don't enforce dynamicOwnership\n- domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl\n- examples: Add clean-traffic-gateway into nwfilters\n[4.5.0-4]\n- qemu: hotplug: don't overwrite error message in qemuDomainAttachNetDevice\n- qemu: hotplug: report error when changing rom enabled attr for net iface\n- qemu: Fix setting global_period cputune element\n- tests: qemucaps: Add test data for upcoming qemu 3.0.0\n- qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend\n- qemu: command: Move graphics iteration to its own function\n- qemu: address: Handle all the video devices within a single loop\n- conf: Introduce virDomainVideoDefClear helper\n- conf: Introduce virDomainDefPostParseVideo helper\n- qemu: validate: Enforce compile time switch type checking for videos\n- tests: Add capabilities data for QEMU 2.11 x86_64\n- tests: Update capabilities data for QEMU 3.0.0 x86_64\n- qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc\n- qemu: caps: Introduce a capability for egl-headless\n- qemu: Introduce a new graphics display type 'headless'\n- qemu: caps: Add vfio-pci.display capability\n- conf: Introduce virDomainGraphicsDefHasOpenGL helper\n- conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys\n- conf: Introduce new \n attribute 'display'\n- qemu: command: Enable formatting vfio-pci.display option onto cmdline\n- docs: Rephrase the mediated devices hostdev section a bit\n- conf: Introduce new video type 'none'\n- virt-xml-validate: Add schema for nwfilterbinding\n- tools: Fix typo generating adapter_wwpn field\n- src: Fix memory leak in virNWFilterBindingDispose\n[4.5.0-3]\n- qemu: hotplug: Do not try to add secret object for TLS if it does not exist\n- qemu: monitor: Make qemuMonitorAddObject more robust against programming errors\n- spec: Explicitly require matching libvirt-libs\n- virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash\n- qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one\n- qemuDomainValidateStorageSource: Relax PR validation\n- virStoragePRDefFormat: Suppress path formatting for migratable XML\n- qemu: Wire up PR_MANAGER_STATUS_CHANGED event\n- qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo\n- qemu: Fetch pr-helper process info on reconnect\n- qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject\n- virsh.pod: Fix a command name typo in nwfilter-binding-undefine\n- docs: schema: Add missing \n to vsock device\n- virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats\n- tests: fix TLS handshake failure with TLS 1.3\n[4.5.0-2]\n- qemu: Add capability for the HTM pSeries feature\n- conf: Parse and format the HTM pSeries feature\n- qemu: Format the HTM pSeries feature\n- qemu: hotplug: Don't access srcPriv when it's not allocated\n- qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE\n- src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs\n- virsh.pod: Drop --persistent for detach-device-alias\n- qemu: don't use chardev FD passing with standalone args\n- qemu: remove chardevStdioLogd param from vhostuser code path\n- qemu: consolidate parameters of qemuBuildChrChardevStr into flags\n- qemu: don't use chardev FD passing for vhostuser backend\n- qemu: fix UNIX socket chardevs operating in client mode\n- qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set\n- spec: Temporarily drop gluster support\n[4.5.0-1]\n- Rebased to libvirt-4.5.0\n[4.3.0-1]\n- Rebased to libvirt-4.3.0\n[4.1.0-2]\n- Fix systemd macro argument with line continuations (rhbz#1558648)\n[4.1.0-1]\n- Rebase to version 4.1.0\n[4.0.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[4.0.0-1]\n- Rebase to version 4.0.0\n[3.10.0-2]\n- Rebuild for xen 4.10\n[3.10.0-1]\n- Rebase to version 3.10.0\n[3.9.0-1]\n- Rebase to version 3.9.0\n[3.8.0-1]\n- Rebase to version 3.8.0\n[3.7.0-1]\n- Rebase to version 3.7.0\n[3.6.0-1]\n- Rebase to version 3.6.0\n[3.5.0-4]\n- Rebuild with binutils fix for ppc64le (#1475636)\n[3.5.0-3]\n- Disabled RBD on i386, arm, ppc64 (rhbz #1474743)\n[3.5.0-2]\n- Rebuild for xen 4.9\n[3.5.0-1]\n- Rebase to version 3.5.0\n[3.4.0-1]\n- Rebase to version 3.4.0\n[3.3.0-1]\n- Rebase to version 3.3.0\n[3.2.0-1]\n- Rebase to version 3.2.0\n[3.1.0-1]\n- Rebase to version 3.1.0\n[3.0.0-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[3.0.0-1]\n- Rebase to version 3.0.0\nlibvirt-dbus\nlibvirt-python\nnbdkit\nnetcf\n[0.2.8-12]\n- Resolves: rhbz#1602628\nperl-Sys-Virt\nqemu-kvm\n[2.12.0-88.0.1.el8_1_0.2]\n- Added bug30251155-remove-upstream-reference [Orabug: 30251155]\n[2.12.0-88.el8_1_0.2]\n- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771970]\n- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771970]\n- Resolves: bz#1771970\n (CVE-2019-11135 virt:rhel/qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-8.1.0.z])\n[2.12.0-88.el8_1_0.1]\n- kvm-s390-PCI-fix-IOMMU-region-init.patch [bz#1764829]\n- Resolves: bz#1764829\n (RHEL8.1 Snapshot3 - Passthrough PCI card goes into error state if used in domain (kvm) [rhel-8.1.0.z])\n[2.12.0-88.el8]\n- Revert fix for bz#1749724 - this got delayed to 8.2\n (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-8])\n[2.12.0-86.el8]\n- kvm-Do-not-run-iotests-on-brew-build.patch [bz#1742819]\n- kvm-target-ppc-spapr-Add-workaround-option-to-SPAPR_CAP_.patch [bz#1744415]\n- kvm-target-ppc-spapr-Add-SPAPR_CAP_CCF_ASSIST.patch [bz#1744415]\n- kvm-i386-x86_cpu_list_feature_names-function.patch [bz#1747185]\n- kvm-i386-unavailable-features-QOM-property.patch [bz#1747185]\n- kvm-file-posix-Handle-undetectable-alignment.patch [bz#1738839]\n- kvm-iotests-Tweak-221-sizing-for-different-hole-granular.patch [bz#1738839]\n- kvm-iotests-Filter-175-s-allocation-information.patch [bz#1738839]\n- kvm-block-posix-Always-allocate-the-first-block.patch [bz#1738839]\n- kvm-iotests-Test-allocate_first_block-with-O_DIRECT.patch [bz#1738839]\n- Resolves: bz#1738839\n (I/O error when virtio-blk disk is backed by a raw image on 4k disk)\n- Resolves: bz#1742819\n (Remove iotests from qemu-kvm builds [RHEL 8.1.0])\n- Resolves: bz#1744415\n (Backport support for count cache flush Spectre v2 mitigation [slow train])\n- Resolves: bz#1747185\n ('filtered-features' QOM property is not available)\n[2.12.0-85.el8]\n- kvm-console-Avoid-segfault-in-screendump.patch [bz#1684383]\n- kvm-usb-hub-clear-suspend-on-detach.patch [bz#1619661]\n- kvm-qemu-img-fix-regression-copying-secrets-during-conve.patch [bz#1727821]\n- Resolves: bz#1619661\n (the attach hub on one hub still exits in device manager after unhotplug)\n- Resolves: bz#1684383\n (qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer)\n- Resolves: bz#1727821\n (Failed to convert a source image to the qcow2 image encrypted by luks)\n[2.12.0-84.el8]\n- kvm-vnc-detect-and-optimize-pageflips.patch [bz#1727033]\n- kvm-block-backend-Make-blk_inc-dec_in_flight-public.patch [bz#1716349]\n- kvm-virtio-blk-Increase-in_flight-for-request-restart-BH.patch [bz#1716349]\n- kvm-block-Fix-AioContext-switch-for-drained-node.patch [bz#1716349]\n- kvm-test-bdrv-drain-AioContext-switch-in-drained-section.patch [bz#1716349]\n- kvm-block-Use-normal-drain-for-bdrv_set_aio_context.patch [bz#1716349]\n- kvm-block-Fix-AioContext-switch-for-bs-drv-NULL.patch [bz#1716347]\n- kvm-iothread-fix-crash-with-invalid-properties.patch [bz#1687541]\n- kvm-iothread-replace-init_done_cond-with-a-semaphore.patch [bz#1687541]\n- kvm-RHEL-disable-hostmem-memfd.patch [bz#1740797]\n- Resolves: bz#1687541\n (qemu aborted when start guest with a big iothreads)\n- Resolves: bz#1716347\n (Qemu Core dump when quit vm that's in status 'paused(io-error)' with data plane enabled)\n- Resolves: bz#1716349\n (qemu with iothreads enabled crashes on resume after enospc pause for disk extension)\n- Resolves: bz#1727033\n (vnc server should detect page-flips and avoid sending fullscreen updates then.)\n- Resolves: bz#1740797\n (Disable memfd in QEMU)\n[2.12.0-83.el8]\n- kvm-hw-block-pflash_cfi01-Add-missing-DeviceReset-handle.patch [bz#1707192]\n- kvm-block-file-posix-Unaligned-O_DIRECT-block-status.patch [bz#1678979]\n- kvm-iotests-Test-unaligned-raw-images-with-O_DIRECT.patch [bz#1678979]\n- kvm-nbd-client-Lower-min_block-for-block-status-unaligne.patch [bz#1678979]\n- kvm-nbd-client-Reject-inaccessible-tail-of-inconsistent-.patch [bz#1678979]\n- kvm-nbd-client-Support-qemu-img-convert-from-unaligned-s.patch [bz#1678979]\n- kvm-block-Add-bdrv_get_request_alignment.patch [bz#1678979]\n- kvm-nbd-server-Advertise-actual-minimum-block-size.patch [bz#1678979]\n- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1727642]\n- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1727642]\n- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1727642]\n- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1727642]\n- kvm-tap-set-vhostfd-passed-from-qemu-cli-to-non-blocking.patch [bz#1732642]\n- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734751]\n- Resolves: bz#1678979\n (qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion ret == cpu->kvm_msr_buf->nmsrs' failed.)\n[2.12.0-71.el8]\n- kvm-s390-bios-Skip-bootmap-signature-entries.patch [bz#1683275]\n- Resolves: bz#1683275\n ([IBM 8.1 FEAT] KVM: Secure Linux Boot Toleration (qemu))\n[2.12.0-70.el8]\n- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761]\n- kvm-i386-Add-CPUID-bit-for-WBNOINVD.patch [bz#1561761]\n- kvm-i386-Add-new-CPU-model-Icelake-Server-Client.patch [bz#1561761]\n- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1561761]\n- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1561761]\n- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1561761]\n- kvm-i386-remove-the-new-CPUID-PCONFIG-from-Icelake-Serve.patch [bz#1561761]\n- kvm-Revert-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761]\n- Resolves: bz#1561761\n ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model)\n[2.12.0-69.el8]\n- kvm-tests-crypto-Use-the-IEC-binary-prefix-definitions.patch [bz#1680231]\n- kvm-crypto-expand-algorithm-coverage-for-cipher-benchmar.patch [bz#1680231]\n- kvm-crypto-remove-code-duplication-in-tweak-encrypt-decr.patch [bz#1680231]\n- kvm-crypto-introduce-a-xts_uint128-data-type.patch [bz#1680231]\n- kvm-crypto-convert-xts_tweak_encdec-to-use-xts_uint128-t.patch [bz#1680231]\n- kvm-crypto-convert-xts_mult_x-to-use-xts_uint128-type.patch [bz#1680231]\n- kvm-crypto-annotate-xts_tweak_encdec-as-inlineable.patch [bz#1680231]\n- kvm-crypto-refactor-XTS-cipher-mode-test-suite.patch [bz#1680231]\n- kvm-crypto-add-testing-for-unaligned-buffers-with-XTS-ci.patch [bz#1680231]\n- Resolves: bz#1680231\n (severe performance impact using luks format)\n[2.12.0-68.el8]\n- kvm-s390x-ipl-Try-to-detect-Linux-vs-non-Linux-for-initi.patch [bz#1699070]\n- kvm-loader-Check-access-size-when-calling-rom_ptr-to-avo.patch [bz#1699070]\n- kvm-hw-s390x-Use-the-IEC-binary-prefix-definitions.patch [bz#1699070]\n- kvm-s390x-storage-attributes-fix-CMMA_BLOCK_SIZE-usage.patch [bz#1699070]\n- kvm-s390x-cpumodel-fix-segmentation-fault-when-baselinin.patch [bz#1699070]\n- kvm-hw-s390x-s390-pci-bus-Convert-sysbus-init-function-t.patch [bz#1699070]\n- kvm-s390x-pci-properly-fail-if-the-zPCI-device-cannot-be.patch [bz#1699070]\n- kvm-s390x-pci-rename-hotplug-handler-callbacks.patch [bz#1699070]\n- kvm-s390-avoid-potential-null-dereference-in-s390_pcihos.patch [bz#1699070]\n- kvm-s390x-pci-Send-correct-event-on-hotplug.patch [bz#1699070]\n- kvm-s390x-pci-Set-the-iommu-region-size-mpcifc-request.patch [bz#1699070]\n- kvm-s390x-pci-Always-delete-and-free-the-release_timer.patch [bz#1699070]\n- kvm-s390x-pci-Ignore-the-unplug-call-if-we-already-have-.patch [bz#1699070]\n- kvm-s390x-pci-Use-hotplug_dev-instead-of-looking-up-the-.patch [bz#1699070]\n- kvm-s390x-pci-Move-some-hotplug-checks-to-the-pre_plug-h.patch [bz#1699070]\n- kvm-s390x-pci-Introduce-unplug-requests-and-split-unplug.patch [bz#1699070]\n- kvm-s390x-pci-Drop-release-timer-and-replace-it-with-a-f.patch [bz#1699070]\n- kvm-s390x-pci-mark-zpci-devices-as-unmigratable.patch [bz#1699070]\n- kvm-s390x-pci-Fix-primary-bus-number-for-PCI-bridges.patch [bz#1699070]\n- kvm-s390x-pci-Fix-hotplugging-of-PCI-bridges.patch [bz#1699070]\n- kvm-s390x-pci-Warn-when-adding-PCI-devices-without-the-z.patch [bz#1699070]\n- kvm-s390x-pci-Unplug-remaining-requested-devices-on-pcih.patch [bz#1699070]\n- kvm-s390x-refactor-reset-reipl-handling.patch [bz#1699070]\n- kvm-s390-ipl-fix-ipl-with-no-reboot.patch [bz#1699070]\n- Resolves: bz#1699070\n (Backport s390x-related fixes for qemu-kvm)\n[2.12.0-67.el8]\n- kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693116]\n- Resolves: bz#1693116\n (CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-8.0])\n[2.12.0-66.el8]\n- kvm-iotests-153-Fix-dead-code.patch [bz#1694148]\n- kvm-file-posix-Include-filename-in-locking-error-message.patch [bz#1694148]\n- kvm-file-posix-Skip-effectiveless-OFD-lock-operations.patch [bz#1694148]\n- kvm-file-posix-Drop-s-lock_fd.patch [bz#1694148]\n- kvm-tests-Add-unit-tests-for-image-locking.patch [bz#1694148]\n- kvm-file-posix-Fix-shared-locks-on-reopen-commit.patch [bz#1694148]\n- kvm-iotests-Test-file-posix-locking-and-reopen.patch [bz#1694148]\n- kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch [bz#1694148]\n- kvm-hostmem-file-remove-object-id-from-pmem-error-messag.patch [bz#1687596]\n- kvm-redhat-setting-target-release-to-rhel-8.1.0.patch []\n- kvm-redhat-removing-iotest-182.patch []\n- Resolves: bz#1687596\n ([Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL))\n- Resolves: bz#1694148\n (QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks)\n[2.12.0-65.el8]\n- kvm-s390x-cpumodel-mepochptff-warn-when-no-mepoch-and-re.patch [bz#1664371]\n- kvm-s390x-cpumodel-add-z14-GA2-model.patch [bz#1664371]\n- kvm-redhat-s390x-cpumodel-enable-mepoch-by-default-for-z.patch [bz#1664371]\n- kvm-intel_iommu-fix-operator-in-vtd_switch_address_space.patch [bz#1662272]\n- kvm-intel_iommu-reset-intr_enabled-when-system-reset.patch [bz#1662272]\n- kvm-pci-msi-export-msi_is_masked.patch [bz#1662272]\n- kvm-i386-kvm-ignore-masked-irqs-when-update-msi-routes.patch [bz#1662272]\n- Resolves: bz#1662272\n (Boot guest with device assignment+vIOMMU, qemu prompts 'vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0' when first rebooting guest)\n- Resolves: bz#1664371\n ([IBM 8.1 FEAT] Update hardware CPU Model z14 (kvm) - qemu part)\n[2.12.0-64.el8]\n- kvm-doc-fix-the-configuration-path.patch [bz#1645411]\n- kvm-Increase-number-of-iotests-being-run-as-a-part-of-RH.patch [bz#1664463]\n- kvm-Load-kvm-module-during-boot.patch [bz#1676907 bz#1685995]\n- kvm-qemu-kvm.spec.template-Update-pyton-path-to-system-i.patch []\n- Resolves: bz#1645411\n (the 'fsfreeze-hook' script path shown by command 'qemu-ga --help' or 'man qemu-ga' is wrong)\n- Resolves: bz#1664463\n (Modify iotest behavior to include luks and nbd and fail build if iotests fail)\n- Resolves: bz#1676907\n (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt)\n- Resolves: bz#1685995\n (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt)\n[2.12.0-63.el8]\n- kvm-scsi-generic-avoid-possible-out-of-bounds-access-to-.patch [bz#1668162]\n- Resolves: bz#1668162\n (CVE-2019-6501 qemu-kvm: QEMU: scsi-generic: possible OOB access while handling inquiry request [rhel-8])\n[2.12.0-62.el8]\n- kvm-slirp-check-data-length-while-emulating-ident-functi.patch [bz#1669069]\n- Resolves: bz#1669069\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-8.0])\n[2.12.0-61.el8]\n- kvm-qemu-ga-make-get-fsinfo-work-over-pci-bridges.patch [bz#1666952]\n- kvm-qga-fix-driver-leak-in-guest-get-fsinfo.patch [bz#1666952]\n- Resolves: bz#1666952\n (qemu-guest-agent does not parse PCI bridge links in 'build_guest_fsinfo_for_real_device' (q35))\n[2.12.0-60.el8]\n- kvm-ne2000-fix-possible-out-of-bound-access-in-ne2000_re.patch [bz#1636784]\n- kvm-rtl8139-fix-possible-out-of-bound-access.patch [bz#1636784]\n- kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636784]\n- kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636784]\n- kvm-net-drop-too-large-packet-early.patch [bz#1636784]\n- kvm-net-hub-suppress-warnings-of-no-host-network-for-qte.patch [bz#1636784]\n- kvm-virtio-net-test-accept-variable-length-argument-in-p.patch [bz#1636784]\n- kvm-virtio-net-test-remove-unused-macro.patch [bz#1636784]\n- kvm-virtio-net-test-add-large-tx-buffer-test.patch [bz#1636784]\n- kvm-s390x-Return-specification-exception-for-unimplement.patch [bz#1668261]\n- kvm-cpus-ignore-ESRCH-in-qemu_cpu_kick_thread.patch [bz#1665844]\n- Resolves: bz#1636784\n (CVE-2018-17963 qemu-kvm: Qemu: net: ignore packets with large size [rhel-8])\n- Resolves: bz#1665844\n (Guest quit with error when hotunplug cpu)\n- Resolves: bz#1668261\n ([RHEL8] Backport diag308 stable exception fix (qemu-kvm))\n[2.12.0-59.el8]\n- kvm-hw-scsi-cleanups-before-VPD-BL-emulation.patch [bz#1639957]\n- kvm-hw-scsi-centralize-SG_IO-calls-into-single-function.patch [bz#1639957]\n- kvm-hw-scsi-add-VPD-Block-Limits-emulation.patch [bz#1639957]\n- kvm-scsi-disk-Block-Device-Characteristics-emulation-fix.patch [bz#1639957]\n- kvm-scsi-generic-keep-VPD-page-list-sorted.patch [bz#1639957]\n- kvm-scsi-generic-avoid-out-of-bounds-access-to-VPD-page-.patch [bz#1639957]\n- kvm-scsi-generic-avoid-invalid-access-to-struct-when-emu.patch [bz#1639957]\n- kvm-scsi-generic-do-not-do-VPD-emulation-for-sense-other.patch [bz#1639957]\n- Resolves: bz#1639957\n ([RHEL.8] scsi host device passthrough limits IO writes - slow train)\n[2.12.0-58.el8]\n- kvm-block-Update-flags-in-bdrv_set_read_only.patch [bz#1644996]\n- kvm-block-Add-auto-read-only-option.patch [bz#1644996]\n- kvm-rbd-Close-image-in-qemu_rbd_open-error-path.patch [bz#1644996]\n- kvm-block-Require-auto-read-only-for-existing-fallbacks.patch [bz#1644996]\n- kvm-nbd-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-file-posix-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-curl-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-gluster-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-iscsi-Support-auto-read-only-option.patch [bz#1644996]\n- kvm-block-Make-auto-read-only-on-default-for-drive.patch [bz#1644996]\n- kvm-qemu-iotests-Test-auto-read-only-with-drive-and-bloc.patch [bz#1644996]\n- kvm-block-Fix-update-of-BDRV_O_AUTO_RDONLY-in-update_fla.patch [bz#1644996]\n- kvm-qemu-img-Add-C-option-for-convert-with-copy-offloadi.patch [bz#1623082]\n- kvm-iotests-Add-test-for-qemu-img-convert-C-compatibilit.patch [bz#1623082]\n- Resolves: bz#1623082\n ([rhel.8.0]Target files for 'qemu-img convert' do not support thin_provisoning with iscsi/nfs backend)\n- Resolves: bz#1644996\n (block-commit can't be used with -blockdev)\n[2.12.0-57.el8]\n- kvm-qemu-kvm.spec.template-Update-files-for-tests-rpm-to.patch [bz#1601107]\n[2.12.0-56.el8]\n- kvm-Run-iotests-as-part-of-the-build-process.patch [bz#1661026]\n- kvm-Introduce-the-qemu-kvm-tests-rpm.patch [bz#1601107]\n- Resolves: bz#1601107\n (qemu-kvm packaging: make running qemu-iotests more robust)\n- Resolves: bz#1661026\n (Run iotests as part of build process)\n[2.12.0-55.el8]\n- kvm-block-Don-t-inactivate-children-before-parents.patch [bz#1659395]\n- kvm-iotests-Test-migration-with-blockdev.patch [bz#1659395]\n- Resolves: bz#1659395\n (src qemu core dump when do migration ( block device node-name changed after change cdrom) - Slow Train)\n[2.12.0-54.el8]\n- kvm-s390x-tcg-avoid-overflows-in-time2tod-tod2time.patch [bz#1653569]\n- kvm-s390x-kvm-pass-values-instead-of-pointers-to-kvm_s39.patch [bz#1653569]\n- kvm-s390x-tod-factor-out-TOD-into-separate-device.patch [bz#1653569]\n- kvm-s390x-tcg-drop-tod_basetime.patch [bz#1653569]\n- kvm-s390x-tcg-properly-implement-the-TOD.patch [bz#1653569]\n- kvm-s390x-tcg-SET-CLOCK-COMPARATOR-can-clear-CKC-interru.patch [bz#1653569]\n- kvm-s390x-tcg-implement-SET-CLOCK.patch [bz#1653569]\n- kvm-s390x-tcg-rearm-the-CKC-timer-during-migration.patch [bz#1653569]\n- kvm-s390x-tcg-fix-locking-problem-with-tcg_s390_tod_upda.patch [bz#1653569]\n- kvm-hw-s390x-Include-the-tod-qemu-also-for-builds-with-d.patch [bz#1653569]\n- kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1653569]\n- kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1653569]\n- kvm-migration-discard-non-migratable-RAMBlocks.patch [bz#1539285]\n- kvm-vfio-pci-do-not-set-the-PCIDevice-has_rom-attribute.patch [bz#1539285]\n- kvm-memory-exec-Expose-all-memory-block-related-flags.patch [bz#1539285]\n- kvm-memory-exec-switch-file-ram-allocation-functions-to-.patch [bz#1539285]\n- kvm-configure-add-libpmem-support.patch [bz#1539285]\n- kvm-hostmem-file-add-the-pmem-option.patch [bz#1539285]\n- kvm-mem-nvdimm-ensure-write-persistence-to-PMEM-in-label.patch [bz#1539285]\n- kvm-migration-ram-Add-check-and-info-message-to-nvdimm-p.patch [bz#1539285]\n- kvm-migration-ram-ensure-write-persistence-on-loading-al.patch [bz#1539285]\n- Resolves: bz#1539285\n ([Intel 8.0 Bug] [KVM][Crystal Ridge] Lack of data persistence guarantee of QEMU writes to host PMEM)\n- Resolves: bz#1653569\n (Stress guest and stop it, then do live migration, guest hit call trace on destination end)\n[2.12.0-53.el8]\n- kvm-ui-add-qapi-parser-for-display.patch [bz#1652871]\n- kvm-ui-switch-trivial-displays-to-qapi-parser.patch [bz#1652871]\n- kvm-qapi-Add-rendernode-display-option-for-egl-headless.patch [bz#1652871]\n- kvm-ui-Allow-specifying-rendernode-display-option-for-eg.patch [bz#1652871]\n- kvm-qapi-add-query-display-options-command.patch [bz#1652871]\n- Resolves: bz#1652871\n (QEMU doesn't expose rendernode option for egl-headless display type)\n[2.12.0-52.el8]\n- kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276]\n- Resolves: bz#1654276\n (qemu-kvm: Should depend on the architecture-appropriate guest firmware)\n[2.12.0-51.el8]\n- kvm-x86-host-phys-bits-limit-option.patch [bz#1598284]\n- kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1598284]\n- kvm-i386-do-not-migrate-MSR_SMI_COUNT-on-machine-types-2.patch [bz#1659565]\n- kvm-pc-x-migrate-smi-count-to-PC_RHEL_COMPAT.patch [bz#1659565]\n- kvm-slow-train-kvm-clear-out-KVM_ASYNC_PF_DELIVERY_AS_PF.patch [bz#1656829]\n- Resolves: bz#1598284\n ([Intel 8.0 Alpha] physical bits should < 48 when host with 5level paging &EPT5 and qemu command with '-cpu qemu64' parameters.)\n- Resolves: bz#1656829\n (8->7 migration failed: qemu-kvm: error: failed to set MSR 0x4b564d02 to 0x27fc13285)\n- Resolves: bz#1659565\n (machine type: required compat flag x-migrate-smi-count=off)\n[2.12.0-51]\n- kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276]\n- Resolves: bz#1654276\n (qemu-kvm: Should depend on the architecture-appropriate guest firmware)\n[-]\n- kvm-redhat-enable-tpmdev-passthrough.patch [bz#1654486]\n- Resolves: bz#1654486\n ([RFE] enable TPM passthrough at compile time (qemu-kvm))\n[qemu-kvm-2.12.0-48]\n- kvm-redhat-use-autopatch-instead-of-PATCHAPPLY.patch [bz#1613128]\n- kvm-redhat-Removing-some-unused-build-flags-in-the-spec-.patch [bz#1613128]\n- kvm-redhat-Fixing-rhev-ma-conflicts.patch [bz#1613126]\n- kvm-redhat-Remove-_smp_mflags-cleanup-workaround-for-s39.patch [bz#1613128]\n- kvm-redhat-Removing-dead-code-from-the-spec-file.patch [bz#1613128]\n- kvm-i386-Add-stibp-flag-name.patch [bz#1639446]\n- kvm-Add-functional-acceptance-tests-infrastructure.patch [bz#1655807]\n- kvm-scripts-qemu.py-allow-adding-to-the-list-of-extra-ar.patch [bz#1655807]\n- kvm-Acceptance-tests-add-quick-VNC-tests.patch [bz#1655807]\n- kvm-scripts-qemu.py-introduce-set_console-method.patch [bz#1655807]\n- kvm-Acceptance-tests-add-Linux-kernel-boot-and-console-c.patch [bz#1655807]\n- kvm-Bootstrap-Python-venv-for-tests.patch [bz#1655807]\n- kvm-Acceptance-tests-add-make-rule-for-running-them.patch [bz#1655807]\n- Resolves: bz#1613126\n (Check and fix qemu-kvm-rhev and qemu-kvm-ma conflicts in qemu-kvm for rhel-8)\n- Resolves: bz#1613128\n (Spec file clean up)\n- Resolves: bz#1639446\n (Cross migration from RHEL7.5 to RHEL8 shouldn't fail with cpu flag stibp [qemu-kvm])\n- Resolves: bz#1655807\n (Backport avocado-qemu tests for QEMU 2.12)\n[qemu-kvm-2.12.0-47]\n- kvm-Disable-CONFIG_IPMI-and-CONFIG_I2C-for-ppc64.patch [bz#1640044]\n- kvm-Disable-CONFIG_CAN_BUS-and-CONFIG_CAN_SJA1000.patch [bz#1640042]\n- Resolves: bz#1640042\n (Disable CONFIG_CAN_BUS and CONFIG_CAN_SJA1000 config switches)\n- Resolves: bz#1640044\n (Disable CONFIG_I2C and CONFIG_IPMI in default-configs/ppc64-softmmu.mak)\n[qemu-kvm-2.12.0-46]\n- kvm-qcow2-Give-the-refcount-cache-the-minimum-possible-s.patch [bz#1656507]\n- kvm-docs-Document-the-new-default-sizes-of-the-qcow2-cac.patch [bz#1656507]\n- kvm-qcow2-Fix-Coverity-warning-when-calculating-the-refc.patch [bz#1656507]\n- kvm-include-Add-IEC-binary-prefixes-in-qemu-units.h.patch [bz#1656507]\n- kvm-qcow2-Options-documentation-fixes.patch [bz#1656507]\n- kvm-include-Add-a-lookup-table-of-sizes.patch [bz#1656507]\n- kvm-qcow2-Make-sizes-more-humanly-readable.patch [bz#1656507]\n- kvm-qcow2-Avoid-duplication-in-setting-the-refcount-cach.patch [bz#1656507]\n- kvm-qcow2-Assign-the-L2-cache-relatively-to-the-image-si.patch [bz#1656507]\n- kvm-qcow2-Increase-the-default-upper-limit-on-the-L2-cac.patch [bz#1656507]\n- kvm-qcow2-Resize-the-cache-upon-image-resizing.patch [bz#1656507]\n- kvm-qcow2-Set-the-default-cache-clean-interval-to-10-min.patch [bz#1656507]\n- kvm-qcow2-Explicit-number-replaced-by-a-constant.patch [bz#1656507]\n- kvm-block-backend-Set-werror-rerror-defaults-in-blk_new.patch [bz#1657637]\n- kvm-qcow2-Fix-cache-clean-interval-documentation.patch [bz#1656507]\n- Resolves: bz#1656507\n ([RHEL.8] qcow2 cache is too small)\n- Resolves: bz#1657637\n (Wrong werror default for -device drive=\n)\n[qemu-kvm-2.12.0-45]\n- kvm-target-ppc-add-basic-support-for-PTCR-on-POWER9.patch [bz#1639069]\n- kvm-linux-headers-Update-for-nested-KVM-HV-downstream-on.patch [bz#1639069]\n- kvm-target-ppc-Add-one-reg-id-for-ptcr.patch [bz#1639069]\n- kvm-ppc-spapr_caps-Add-SPAPR_CAP_NESTED_KVM_HV.patch [bz#1639069]\n- kvm-Re-enable-CONFIG_HYPERV_TESTDEV.patch [bz#1651195]\n- kvm-qxl-use-guest_monitor_config-for-local-renderer.patch [bz#1610163]\n- kvm-Declare-cirrus-vga-as-deprecated.patch [bz#1651994]\n- kvm-Do-not-build-bluetooth-support.patch [bz#1654651]\n- kvm-vfio-helpers-Fix-qemu_vfio_open_pci-crash.patch [bz#1645840]\n- kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1650272]\n- kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1650272]\n- kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1650272]\n- kvm-vfio-ccw-pci-Allow-devices-to-opt-in-for-ballooning.patch [bz#1650272]\n- kvm-vfio-pci-Handle-subsystem-realpath-returning-NULL.patch [bz#1650272]\n- kvm-vfio-pci-Fix-failure-to-close-file-descriptor-on-err.patch [bz#1650272]\n- kvm-postcopy-Synchronize-usage-of-the-balloon-inhibitor.patch [bz#1650272]\n- Resolves: bz#1610163\n (guest shows border blurred screen with some resolutions when qemu boot with -device qxl-vga ,and guest on rhel7.6 has no such question)\n- Resolves: bz#1639069\n ([IBM 8.0 FEAT] POWER9 - Nested virtualization in RHEL8.0 KVM for ppc64le - qemu-kvm side)\n- Resolves: bz#1645840\n (Qemu core dump when hotplug nvme:// drive via -blockdev)\n- Resolves: bz#1650272\n (Ballooning is incompatible with vfio assigned devices, but not prevented)\n- Resolves: bz#1651195\n (Re-enable hyperv-testdev device)\n- Resolves: bz#1651994\n (Declare the 'Cirrus VGA' device emulation of QEMU as deprecated in RHEL8)\n- Resolves: bz#1654651\n (Qemu: hw: bt: keep bt/* objects from building [rhel-8.0])\n[qemu-kvm-2.12.0-44]\n- kvm-block-Make-more-block-drivers-compile-time-configura.patch [bz#1598842 bz#1598842]\n- kvm-RHEL8-Add-disable-configure-options-to-qemu-spec-fil.patch [bz#1598842]\n- Resolves: bz#1598842\n (Compile out unused block drivers)\n[qemu-kvm-2.12.0-43]\n- kvm-configure-add-test-for-libudev.patch [bz#1636185]\n- kvm-qga-linux-report-disk-serial-number.patch [bz#1636185]\n- kvm-qga-linux-return-disk-device-in-guest-get-fsinfo.patch [bz#1636185]\n- kvm-qemu-error-introduce-error-warn-_report_once.patch [bz#1625173]\n- kvm-intel-iommu-start-to-use-error_report_once.patch [bz#1625173]\n- kvm-intel-iommu-replace-more-vtd_err_-traces.patch [bz#1625173]\n- kvm-intel_iommu-introduce-vtd_reset_caches.patch [bz#1625173]\n- kvm-intel_iommu-better-handling-of-dmar-state-switch.patch [bz#1625173]\n- kvm-intel_iommu-move-ce-fetching-out-when-sync-shadow.patch [bz#1625173 bz#1629616]\n- kvm-intel_iommu-handle-invalid-ce-for-shadow-sync.patch [bz#1625173 bz#1629616]\n- kvm-block-remove-bdrv_dirty_bitmap_make_anon.patch [bz#1518989]\n- kvm-block-simplify-code-around-releasing-bitmaps.patch [bz#1518989]\n- kvm-hbitmap-Add-advance-param-to-hbitmap_iter_next.patch [bz#1518989]\n- kvm-test-hbitmap-Add-non-advancing-iter_next-tests.patch [bz#1518989]\n- kvm-block-dirty-bitmap-Add-bdrv_dirty_iter_next_area.patch [bz#1518989]\n- kvm-blockdev-backup-add-bitmap-argument.patch [bz#1518989]\n- kvm-dirty-bitmap-switch-assert-fails-to-errors-in-bdrv_m.patch [bz#1518989]\n- kvm-dirty-bitmap-rename-bdrv_undo_clear_dirty_bitmap.patch [bz#1518989]\n- kvm-dirty-bitmap-make-it-possible-to-restore-bitmap-afte.patch [bz#1518989]\n- kvm-blockdev-rename-block-dirty-bitmap-clear-transaction.patch [bz#1518989]\n- kvm-qapi-add-transaction-support-for-x-block-dirty-bitma.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-add-user_locked-status-checker.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-fix-merge-permissions.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-allow-clear-on-disabled-bitmaps.patch [bz#1518989]\n- kvm-block-dirty-bitmaps-prohibit-enable-disable-on-locke.patch [bz#1518989]\n- kvm-block-backup-prohibit-backup-from-using-in-use-bitma.patch [bz#1518989]\n- kvm-nbd-forbid-use-of-frozen-bitmaps.patch [bz#1518989]\n- kvm-bitmap-Update-count-after-a-merge.patch [bz#1518989]\n- kvm-iotests-169-drop-deprecated-autoload-parameter.patch [bz#1518989]\n- kvm-block-qcow2-improve-error-message-in-qcow2_inactivat.patch [bz#1518989]\n- kvm-bloc-qcow2-drop-dirty_bitmaps_loaded-state-variable.patch [bz#1518989]\n- kvm-dirty-bitmaps-clean-up-bitmaps-loading-and-migration.patch [bz#1518989]\n- kvm-iotests-improve-169.patch [bz#1518989]\n- kvm-iotests-169-add-cases-for-source-vm-resuming.patch [bz#1518989]\n- kvm-pc-dimm-turn-alignment-assert-into-check.patch [bz#1630116]\n- Resolves: bz#1518989\n (RFE: QEMU Incremental live backup)\n- Resolves: bz#1625173\n ([NVMe Device Assignment] Guest could not boot up with q35+iommu)\n- Resolves: bz#1629616\n (boot guest with q35+vIOMMU+ device assignment, qemu terminal shows 'qemu-kvm: VFIO_UNMAP_DMA: -22' when return assigned network devices from vfio driver to ixgbe in guest)\n- Resolves: bz#1630116\n (pc_dimm_get_free_addr: assertion failed: (QEMU_ALIGN_UP(address_space_start, align) == address_space_start))\n- Resolves: bz#1636185\n ([RFE] Report disk device name and serial number (qemu-guest-agent on Linux))\n[2.12.0-42.el8]\n- kvm-luks-Allow-share-rw-on.patch [bz#1629701]\n- kvm-redhat-reenable-gluster-support.patch [bz#1599340]\n- kvm-redhat-bump-libusb-requirement.patch [bz#1627970]\n- Resolves: bz#1599340\n (Reenable glusterfs in qemu-kvm once BZ#1567292 gets fixed)\n- Resolves: bz#1627970\n (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_set_option)\n- Resolves: bz#1629701\n ('share-rw=on' does not work for luks format image - Fast Train)\n[2.12.0-41.el8]\n- kvm-block-rbd-pull-out-qemu_rbd_convert_options.patch [bz#1635585]\n- kvm-block-rbd-Attempt-to-parse-legacy-filenames.patch [bz#1635585]\n- kvm-block-rbd-add-deprecation-documentation-for-filename.patch [bz#1635585]\n- kvm-block-rbd-add-iotest-for-rbd-legacy-keyvalue-filenam.patch [bz#1635585]\n- Resolves: bz#1635585\n (rbd json format of 7.6 is incompatible with 7.5)\n[2.12.0-40.el8]\n- kvm-vnc-call-sasl_server_init-only-when-required.patch [bz#1609327]\n- kvm-nbd-server-fix-NBD_CMD_CACHE.patch [bz#1636142]\n- kvm-nbd-fix-NBD_FLAG_SEND_CACHE-value.patch [bz#1636142]\n- kvm-test-bdrv-drain-bdrv_drain-works-with-cross-AioConte.patch [bz#1637976]\n- kvm-block-Use-bdrv_do_drain_begin-end-in-bdrv_drain_all.patch [bz#1637976]\n- kvm-block-Remove-recursive-parameter-from-bdrv_drain_inv.patch [bz#1637976]\n- kvm-block-Don-t-manually-poll-in-bdrv_drain_all.patch [bz#1637976]\n- kvm-tests-test-bdrv-drain-bdrv_drain_all-works-in-corout.patch [bz#1637976]\n- kvm-block-Avoid-unnecessary-aio_poll-in-AIO_WAIT_WHILE.patch [bz#1637976]\n- kvm-block-Really-pause-block-jobs-on-drain.patch [bz#1637976]\n- kvm-block-Remove-bdrv_drain_recurse.patch [bz#1637976]\n- kvm-test-bdrv-drain-Add-test-for-node-deletion.patch [bz#1637976]\n- kvm-block-Drain-recursively-with-a-single-BDRV_POLL_WHIL.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-node-deletion-in-subtree-recurs.patch [bz#1637976]\n- kvm-block-Don-t-poll-in-parent-drain-callbacks.patch [bz#1637976]\n- kvm-test-bdrv-drain-Graph-change-through-parent-callback.patch [bz#1637976]\n- kvm-block-Defer-.bdrv_drain_begin-callback-to-polling-ph.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-that-bdrv_drain_invoke-doesn-t-.patch [bz#1637976]\n- kvm-block-Allow-AIO_WAIT_WHILE-with-NULL-ctx.patch [bz#1637976]\n- kvm-block-Move-bdrv_drain_all_begin-out-of-coroutine-con.patch [bz#1637976]\n- kvm-block-ignore_bds_parents-parameter-for-drain-functio.patch [bz#1637976]\n- kvm-block-Allow-graph-changes-in-bdrv_drain_all_begin-en.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-graph-changes-in-drain_all-sect.patch [bz#1637976]\n- kvm-block-Poll-after-drain-on-attaching-a-node.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-bdrv_append-to-drained-node.patch [bz#1637976]\n- kvm-block-linux-aio-acquire-AioContext-before-qemu_laio_.patch [bz#1637976]\n- kvm-util-async-use-qemu_aio_coroutine_enter-in-co_schedu.patch [bz#1637976]\n- kvm-job-Fix-nested-aio_poll-hanging-in-job_txn_apply.patch [bz#1637976]\n- kvm-job-Fix-missing-locking-due-to-mismerge.patch [bz#1637976]\n- kvm-blockjob-Wake-up-BDS-when-job-becomes-idle.patch [bz#1637976]\n- kvm-aio-wait-Increase-num_waiters-even-in-home-thread.patch [bz#1637976]\n- kvm-test-bdrv-drain-Drain-with-block-jobs-in-an-I-O-thre.patch [bz#1637976]\n- kvm-test-blockjob-Acquire-AioContext-around-job_cancel_s.patch [bz#1637976]\n- kvm-job-Use-AIO_WAIT_WHILE-in-job_finish_sync.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-AIO_WAIT_WHILE-in-completion-ca.patch [bz#1637976]\n- kvm-block-Add-missing-locking-in-bdrv_co_drain_bh_cb.patch [bz#1637976]\n- kvm-block-backend-Add-.drained_poll-callback.patch [bz#1637976]\n- kvm-block-backend-Fix-potential-double-blk_delete.patch [bz#1637976]\n- kvm-block-backend-Decrease-in_flight-only-after-callback.patch [bz#1637976]\n- kvm-blockjob-Lie-better-in-child_job_drained_poll.patch [bz#1637976]\n- kvm-block-Remove-aio_poll-in-bdrv_drain_poll-variants.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-nested-poll-in-bdrv_drain_poll_.patch [bz#1637976]\n- kvm-job-Avoid-deadlocks-in-job_completed_txn_abort.patch [bz#1637976]\n- kvm-test-bdrv-drain-AIO_WAIT_WHILE-in-job-.commit-.abort.patch [bz#1637976]\n- kvm-test-bdrv-drain-Fix-outdated-comments.patch [bz#1637976]\n- kvm-block-Use-a-single-global-AioWait.patch [bz#1637976]\n- kvm-test-bdrv-drain-Test-draining-job-source-child-and-p.patch [bz#1637976]\n- kvm-qemu-img-Fix-assert-when-mapping-unaligned-raw-file.patch [bz#1639374]\n- kvm-iotests-Add-test-221-to-catch-qemu-img-map-regressio.patch [bz#1639374]\n- Resolves: bz#1609327\n (qemu-kvm[37046]: Could not find keytab file: /etc/qemu/krb5.tab: Unknown error 49408)\n- Resolves: bz#1636142\n (qemu NBD_CMD_CACHE flaws impacting non-qemu NBD clients)\n- Resolves: bz#1637976\n (Crashes and hangs with iothreads vs. block jobs)\n- Resolves: bz#1639374\n (qemu-img map 'Aborted (core dumped)' when specifying a plain file)\n[2.12.0-39.el8]\n- kvm-linux-headers-update.patch [bz#1508142]\n- kvm-s390x-cpumodel-Set-up-CPU-model-for-AP-device-suppor.patch [bz#1508142]\n- kvm-s390x-kvm-enable-AP-instruction-interpretation-for-g.patch [bz#1508142]\n- kvm-s390x-ap-base-Adjunct-Processor-AP-object-model.patch [bz#1508142]\n- kvm-s390x-vfio-ap-Introduce-VFIO-AP-device.patch [bz#1508142]\n- kvm-s390-doc-detailed-specifications-for-AP-virtualizati.patch [bz#1508142]\n- Resolves: bz#1508142\n ([IBM 8.0 FEAT] KVM: Guest-dedicated Crypto Adapters - qemu part)\n[2.12.0-38.el8]\n- kvm-Revert-hw-acpi-build-build-SRAT-memory-affinity-stru.patch [bz#1609235]\n- kvm-add-udev-kvm-check.patch [bz#1552663]\n- kvm-aio-posix-Don-t-count-ctx-notifier-as-progress-when-.patch [bz#1623085]\n- kvm-aio-Do-aio_notify_accept-only-during-blocking-aio_po.patch [bz#1623085]\n- kvm-aio-posix-fix-concurrent-access-to-poll_disable_cnt.patch [bz#1632622]\n- kvm-aio-posix-compute-timeout-before-polling.patch [bz#1632622]\n- kvm-aio-posix-do-skip-system-call-if-ctx-notifier-pollin.patch [bz#1632622]\n- kvm-intel-iommu-send-PSI-always-even-if-across-PDEs.patch [bz#1450712]\n- kvm-intel-iommu-remove-IntelIOMMUNotifierNode.patch [bz#1450712]\n- kvm-intel-iommu-add-iommu-lock.patch [bz#1450712]\n- kvm-intel-iommu-only-do-page-walk-for-MAP-notifiers.patch [bz#1450712]\n- kvm-intel-iommu-introduce-vtd_page_walk_info.patch [bz#1450712]\n- kvm-intel-iommu-pass-in-address-space-when-page-walk.patch [bz#1450712]\n- kvm-intel-iommu-trace-domain-id-during-page-walk.patch [bz#1450712]\n- kvm-util-implement-simple-iova-tree.patch [bz#1450712]\n- kvm-intel-iommu-rework-the-page-walk-logic.patch [bz#1450712]\n- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1633928]\n- Resolves: bz#1450712\n (Booting nested guest with vIOMMU, the assigned network devices can not receive packets (qemu))\n- Resolves: bz#1552663\n (81-kvm-rhel.rules is no longer part of initscripts)\n- Resolves: bz#1609235\n (Win2016 guest can't recognize pc-dimm hotplugged to node 0)\n- Resolves: bz#1623085\n (VM doesn't boot from HD)\n- Resolves: bz#1632622\n (~40% virtio_blk disk performance drop for win2012r2 guest when comparing qemu-kvm-rhev-2.12.0-9 with qemu-kvm-rhev-2.12.0-12)\n- Resolves: bz#1633928\n (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-8.0])\n[2.12.0-37.el8]\n- kvm-block-for-jobs-do-not-clear-user_paused-until-after-.patch [bz#1635583]\n- kvm-iotests-Add-failure-matching-to-common.qemu.patch [bz#1635583]\n- kvm-block-iotest-to-catch-abort-on-forced-blockjob-cance.patch [bz#1635583]\n- Resolves: bz#1635583\n (Quitting VM causes qemu core dump once the block mirror job paused for no enough target space)\n[2.12.0-36.el8]\n- kvm-check-Only-test-ivshm-when-it-is-compiled-in.patch [bz#1621817]\n- kvm-Disable-ivshmem.patch [bz#1621817]\n- kvm-mirror-Fail-gracefully-for-source-target.patch [bz#1637963]\n- kvm-commit-Add-top-node-base-node-options.patch [bz#1637970]\n- kvm-qemu-iotests-Test-commit-with-top-node-base-node.patch [bz#1637970]\n- Resolves: bz#1621817\n (Disable IVSHMEM in RHEL 8)\n- Resolves: bz#1637963\n (Segfault on 'blockdev-mirror' with same node as source and target)\n- Resolves: bz#1637970\n (allow using node-names with block-commit)\n[2.12.0-35.el8]\n- kvm-redhat-make-the-plugins-executable.patch [bz#1638304]\n- Resolves: bz#1638304\n (the driver packages lack all the library Requires)\n[2.12.0-34.el8]\n- kvm-seccomp-allow-sched_setscheduler-with-SCHED_IDLE-pol.patch [bz#1618356]\n- kvm-seccomp-use-SIGSYS-signal-instead-of-killing-the-thr.patch [bz#1618356]\n- kvm-seccomp-prefer-SCMP_ACT_KILL_PROCESS-if-available.patch [bz#1618356]\n- kvm-configure-require-libseccomp-2.2.0.patch [bz#1618356]\n- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618356]\n- kvm-memory-cleanup-side-effects-of-memory_region_init_fo.patch [bz#1600365]\n- Resolves: bz#1600365\n (QEMU core dumped when hotplug memory exceeding host hugepages and with discard-data=yes)\n- Resolves: bz#1618356\n (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-8])\n[2.12.0-33.el8]\n- kvm-migration-postcopy-Clear-have_listen_thread.patch [bz#1608765]\n- kvm-migration-cleanup-in-error-paths-in-loadvm.patch [bz#1608765]\n- kvm-jobs-change-start-callback-to-run-callback.patch [bz#1632939]\n- kvm-jobs-canonize-Error-object.patch [bz#1632939]\n- kvm-jobs-add-exit-shim.patch [bz#1632939]\n- kvm-block-commit-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-block-mirror-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-jobs-utilize-job_exit-shim.patch [bz#1632939]\n- kvm-block-backup-make-function-variables-consistently-na.patch [bz#1632939]\n- kvm-jobs-remove-ret-argument-to-job_completed-privatize-.patch [bz#1632939]\n- kvm-jobs-remove-job_defer_to_main_loop.patch [bz#1632939]\n- kvm-block-commit-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-mirror-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-stream-add-block-job-creation-flags.patch [bz#1632939]\n- kvm-block-commit-refactor-commit-to-use-job-callbacks.patch [bz#1632939]\n- kvm-block-mirror-don-t-install-backing-chain-on-abort.patch [bz#1632939]\n- kvm-block-mirror-conservative-mirror_exit-refactor.patch [bz#1632939]\n- kvm-block-stream-refactor-stream-to-use-job-callbacks.patch [bz#1632939]\n- kvm-tests-blockjob-replace-Blockjob-with-Job.patch [bz#1632939]\n- kvm-tests-test-blockjob-remove-exit-callback.patch [bz#1632939]\n- kvm-tests-test-blockjob-txn-move-.exit-to-.clean.patch [bz#1632939]\n- kvm-jobs-remove-.exit-callback.patch [bz#1632939]\n- kvm-qapi-block-commit-expose-new-job-properties.patch [bz#1632939]\n- kvm-qapi-block-mirror-expose-new-job-properties.patch [bz#1632939]\n- kvm-qapi-block-stream-expose-new-job-properties.patch [bz#1632939]\n- kvm-block-backup-qapi-documentation-fixup.patch [bz#1632939]\n- kvm-blockdev-document-transactional-shortcomings.patch [bz#1632939]\n- Resolves: bz#1608765\n (After postcopy migration, do savevm and loadvm, guest hang and call trace)\n- Resolves: bz#1632939\n (qemu blockjobs other than backup do not support job-finalize or job-dismiss)\n[2.12.0-32.el8]\n- kvm-Re-enable-disabled-Hyper-V-enlightenments.patch [bz#1625185]\n- kvm-Fix-annocheck-issues.patch [bz#1624164]\n- kvm-exec-check-that-alignment-is-a-power-of-two.patch [bz#1630746]\n- kvm-curl-Make-sslverify-off-disable-host-as-well-as-peer.patch [bz#1575925]\n- Resolves: bz#1575925\n ('SSL: no alternative certificate subject name matches target host name' error even though sslverify = off)\n- Resolves: bz#1624164\n (Review annocheck distro flag failures in qemu-kvm)\n- Resolves: bz#1625185\n (Re-enable disabled Hyper-V enlightenments)\n- Resolves: bz#1630746\n (qemu_ram_mmap: Assertion skip_bytes < pnum' failed.)\n- Resolves: bz#1591076\n (The driver of 'throttle' is not whitelisted)\n- Resolves: bz#1592817\n (Retrying on serial_xmit if the pipe is broken may compromise the Guest)\n- Resolves: bz#1594135\n (system_reset many times linux guests cause qemu process Aborted)\n- Resolves: bz#1595173\n (blockdev-create is blocking)\n- Resolves: bz#1595180\n (Can't set rerror/werror with usb-storage)\n- Resolves: bz#1595740\n (RHEL-Alt-7.6 - qemu has error during migration of larger guests)\n- Resolves: bz#1599335\n (Image creation locking is too tight and is not properly released)\n- Resolves: bz#1599515\n (qemu core-dump with aio_read via hmp (util/qemu-thread-posix.c:64: qemu_mutex_lock_impl: Assertion *pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\\' failed))\n- Resolves: bz#1707192\n (implement missing reset handler for cfi.pflash01 - slow train)\n- Resolves: bz#1727642\n (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu())\n- Resolves: bz#1732642\n (enable the virtio-net frontend to work with the vhost-net backend in SEV guests)\n- Resolves: bz#1734751\n (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-8.1.0])\n[2.12.0-82.el8]\n- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1629906]\n- kvm-i386-Update-stepping-of-Cascadelake-Server.patch [bz#1629906]\n- kvm-target-i386-Disable-MPX-support-on-named-CPU-models.patch [bz#1629906]\n- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-NEW.patch [bz#1629906]\n- kvm-i386-Disable-OSPKE-on-CPU-model-definitions-NEW.patch [bz#1629906]\n- kvm-block-ssh-Convert-from-DPRINTF-macro-to-trace-events.patch [bz#1513367]\n- kvm-block-ssh-Do-not-report-read-write-flush-errors-to-t.patch [bz#1513367]\n- kvm-qemu-iotests-Fix-paths-for-NFS.patch [bz#1513367]\n- kvm-qemu-iotests-Filter-NFS-paths.patch [bz#1513367]\n- kvm-iotests-Filter-SSH-paths.patch [bz#1513367]\n- kvm-block-ssh-Implement-.bdrv_refresh_filename.patch [bz#1513367]\n- kvm-iotests-Use-Python-byte-strings-where-appropriate.patch [bz#1513367]\n- kvm-iotests-Unify-log-outputs-between-Python-2-and-3.patch [bz#1513367]\n- kvm-ssh-switch-from-libssh2-to-libssh.patch [bz#1513367]\n- kvm-redhat-switch-from-libssh2-to-libssh.patch [bz#1513367]\n- kvm-block-gluster-limit-the-transfer-size-to-512-MiB.patch [bz#1728657]\n- kvm-s390-cpumodel-fix-description-for-the-new-vector-fac.patch [bz#1729975]\n- kvm-s390x-cpumodel-remove-esort-from-the-default-model.patch [bz#1729975]\n- kvm-s390x-cpumodel-also-change-name-of-vxbeh.patch [bz#1729975]\n- kvm-s390x-cpumodel-change-internal-name-of-vxpdeh-to-mat.patch [bz#1729975]\n- kvm-target-i386-sev-Do-not-unpin-ram-device-memory-regio.patch [bz#1728958]\n- kvm-i386-Save-EFER-for-32-bit-targets.patch [bz#1689269]\n- kvm-target-i386-rename-HF_SVMI_MASK-to-HF_GUEST_MASK.patch [bz#1689269]\n- kvm-target-i386-kvm-add-VMX-migration-blocker.patch [bz#1689269]\n- kvm-target-i386-kvm-just-return-after-migrate_add_blocke.patch [bz#1689269]\n- kvm-target-i386-kvm-Delete-VMX-migration-blocker-on-vCPU.patch [bz#1689269]\n- kvm-Introduce-kvm_arch_destroy_vcpu.patch [bz#1689269]\n- kvm-target-i386-kvm-Use-symbolic-constant-for-DB-BP-exce.patch [bz#1689269]\n- kvm-target-i386-kvm-Re-inject-DB-to-guest-with-updated-D.patch [bz#1689269]\n- kvm-target-i386-kvm-Block-migration-for-vCPUs-exposed-wi.patch [bz#1689269]\n- kvm-target-i386-kvm-do-not-initialize-padding-fields.patch [bz#1689269]\n- kvm-linux-headers-synchronize-generic-and-x86-KVM-header.patch [bz#1689269]\n- kvm-vmstate-Add-support-for-kernel-integer-types.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-support-for-save-and-restore-nes.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-support-for-KVM_CAP_EXCEPTION_PA.patch [bz#1689269]\n- kvm-target-i386-kvm-Add-nested-migration-blocker-only-wh.patch [bz#1689269]\n- kvm-target-i386-kvm-Demand-nested-migration-kernel-capab.patch [bz#1689269]\n- kvm-target-i386-skip-KVM_GET-SET_NESTED_STATE-if-VMX-dis.patch [bz#1689269]\n- kvm-i386-kvm-Do-not-sync-nested-state-during-runtime.patch [bz#1689269]\n- Resolves: bz#1513367\n (qemu with libssh)\n- Resolves: bz#1629906\n ([Intel 8.1 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)\n- Resolves: bz#1689269\n (Nested KVM: support for migration of nested hypervisors - Slow Train)\n- Resolves: bz#1728657\n ('qemu-io write' to a raw image over libgfapi fails)\n- Resolves: bz#1728958\n (Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region)\n- Resolves: bz#1729975\n (RHEL 8.1 Pre-Beta - Fix for hardware CPU Model)\n[2.12.0-81.el8]\n- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714792]\n- kvm-virtio-gpu-pass-down-VirtIOGPU-pointer-to-a-bunch-of.patch [bz#1531543]\n- kvm-virtio-gpu-add-iommu-support.patch [bz#1531543]\n- kvm-virtio-gpu-fix-unmap-in-error-path.patch [bz#1531543]\n- Resolves: bz#1531543\n ([RFE] add iommu support to virtio-gpu)\n- Resolves: bz#1714792\n ([Intel 8.1 FEAT] MDS_NO exposure to guest)\n[2.12.0-80.el8]\n- kvm-qxl-check-release-info-object.patch [bz#1712705]\n- kvm-iotests-Make-182-do-without-device_add.patch [bz#1707598]\n- Resolves: bz#1707598\n (qemu-iotest 182 fails without device hotplugging support)\n- Resolves: bz#1712705\n (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-8])\n[15:2.12.0-79]\n- Rebuild all virt packages to fix RHEL's upgrade path\n- Resolves: rhbz#1695587\n (Ensure modular RPM upgrade path)\n[2.12.0-78.el8]\n- kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1721983]\n- kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1721983]\n- Resolves: bz#1721983\n (qemu-kvm can't be build with new gluster version (6.0.6))\n[2.12.0-77.el8]\n- kvm-i386-Make-arch_capabilities-migratable.patch [bz#1709970]\n- kvm-spapr-Fix-ibm-max-associativity-domains-property-num.patch [bz#1710662]\n- kvm-linux-headers-Update-for-NVLink2-passthrough-downstr.patch [bz#1710662]\n- kvm-pci-Move-NVIDIA-vendor-id-to-the-rest-of-ids.patch [bz#1710662]\n- kvm-vfio-quirks-Add-common-quirk-alloc-helper.patch [bz#1710662]\n- kvm-vfio-Make-vfio_get_region_info_cap-public.patch [bz#1710662]\n- kvm-spapr-Support-NVIDIA-V100-GPU-with-NVLink2.patch [bz#1710662]\n- kvm-qemu-kvm.spec-bump-libseccomp-2.4.0.patch [bz#1719578]\n- Resolves: bz#1709970\n ([Intel 8.1 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM - qemu-kvm)\n- Resolves: bz#1710662\n ([IBM 8.1 FEAT] POWER9 - Virt: qemu: NVLink2 passthru to guest - Nvidia Volta (GPU) (kvm))\n- Resolves: bz#1719578\n (VM failed to start with error 'failed to install seccomp syscall filter in the kernel')\n[2.12.0-76.el8]\n- kvm-Introduce-new-no_guest_reset-parameter-for-usb-host-.patch [bz#1713677]\n- kvm-usb-call-reset-handler-before-updating-state.patch [bz#1713677]\n- kvm-usb-host-skip-reset-for-untouched-devices.patch [bz#1713677]\n- kvm-usb-host-avoid-libusb_set_configuration-calls.patch [bz#1713677]\n- kvm-virtio-scsi-Move-BlockBackend-back-to-the-main-AioCo.patch [bz#1673396 bz#1673401]\n- kvm-scsi-disk-Acquire-the-AioContext-in-scsi_-_realize.patch [bz#1673396 bz#1673401]\n- kvm-virtio-scsi-Forbid-devices-with-different-iothreads-.patch [bz#1673396 bz#1673401]\n- kvm-Disable-VXHS-support.patch [bz#1714933]\n- Resolves: bz#1673396\n (qemu-kvm core dumped after hotplug the deleted disk with iothread parameter)\n- Resolves: bz#1673401\n (Qemu core dump when start guest with two disks using same drive)\n- Resolves: bz#1713677\n (Detached device when trying to upgrade USB device firmware when in doing USB Passthrough via QEMU)\n- Resolves: bz#1714933\n (Disable VXHS in qemu-kvm)\n[2.12.0-75.el8]\n- kvm-s390x-cpumodel-enum-type-S390FeatGroup-now-gets-gene.patch [bz#1660912]\n- kvm-linux-headers-update-against-Linux-5.2-rc1.patch [bz#1660912]\n- kvm-s390x-cpumodel-ignore-csske-for-expansion.patch [bz#1660912]\n- kvm-s390x-cpumodel-Miscellaneous-Instruction-Extensions-.patch [bz#1660912]\n- kvm-s390x-cpumodel-msa9-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-vector-enhancements.patch [bz#1660912]\n- kvm-s390x-cpumodel-enhanced-sort-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-add-Deflate-conversion-facility.patch [bz#1660912]\n- kvm-s390x-cpumodel-add-gen15-defintions.patch [bz#1660912]\n- kvm-s390x-cpumodel-wire-up-8561-and-8562-as-gen15-machin.patch [bz#1660912]\n- kvm-spice-set-device-address-and-device-display-ID-in-QX.patch [bz#1712946]\n- kvm-hw-pci-Add-missing-include.patch [bz#1712946]\n- Resolves: bz#1660912\n ([IBM 8.1 FEAT] KVM s390x: Add hardware CPU Model - qemu part)\n- Resolves: bz#1712946\n (qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated)\n[2.12.0-74.el8]\n- kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1696436]\n- kvm-memory-Fix-the-memory-region-type-assignment-order.patch [bz#1667249]\n- kvm-target-i386-sev-Do-not-pin-the-ram-device-memory-reg.patch [bz#1667249]\n- kvm-block-Fix-invalidate_cache-error-path-for-parent-act.patch [bz#1673010]\n- kvm-target-i386-define-md-clear-bit.patch [bz#1703302 bz#1703308]\n- Resolves: bz#1667249\n (Fail to launch AMD SEV VM with assigned PCI device)\n- Resolves: bz#1673010\n (Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled)\n- Resolves: bz#1696436\n ([Intel 8.0 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm)\n- Resolves: bz#1703302\n (CVE-2018-12130 virt:rhel/qemu-kvm: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [rhel-8])\n- Resolves: bz#1703308\n (CVE-2018-12127 virt:rhel/qemu-kvm: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [rhel-8])\n[2.12.0-73.el8]\n- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-mo.patch [bz#1561761]\n- kvm-i386-Disable-OSPKE-on-CPU-model-definitions.patch [bz#1561761]\n- Resolves: bz#1561761\n ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model)\n[2.12.0-72.el8]\n- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1707706]\n- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1707706]\n- Resolves: bz#1707706\n (/builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion is_power_of_2(align)' failed)\n[2.12.0-31.el8]\n- kvm-i386-Disable-TOPOEXT-by-default-on-cpu-host.patch [bz#1619804]\n- kvm-redhat-enable-opengl-add-build-and-runtime-deps.patch [bz#1618412]\n- Resolves: bz#1618412\n (Enable opengl (for intel vgpu display))\n- Resolves: bz#1619804\n (kernel panic in init_amd_cacheinfo)\n[2.12.0-30.el8]\n- kvm-redhat-Disable-vhost-crypto.patch [bz#1625668]\n- Resolves: bz#1625668\n (Decide if we should disable 'vhost-crypto' or not)\n[2.12.0-29.el8]\n- kvm-target-i386-sev-fix-memory-leaks.patch [bz#1615717]\n- kvm-i386-Fix-arch_query_cpu_model_expansion-leak.patch [bz#1615717]\n- kvm-redhat-Update-build-configuration.patch [bz#1573156]\n- Resolves: bz#1573156\n (Update build configure for QEMU 2.12.0)\n- Resolves: bz#1615717\n (Memory leaks)\n[2.12.0-28.el8]\n- kvm-e1000e-Do-not-auto-clear-ICR-bits-which-aren-t-set-i.patch [bz#1596024]\n- kvm-e1000e-Prevent-MSI-MSI-X-storms.patch [bz#1596024]\n- kvm-Drop-build_configure.sh-and-Makefile.local-files.patch []\n- kvm-Fix-subject-line-in-.gitpublish.patch []\n- Resolves: bz#1596024\n (The network link can't be detected on guest when the guest uses e1000e model type)\n[2.12.0-27.el8]\n- kvm-Fix-libusb-1.0.22-deprecated-libusb_set_debug-with-l.patch [bz#1622656]\n- Resolves: bz#1622656\n (qemu-kvm fails to build due to libusb_set_debug being deprecated)\n[2.12.0-26.el8]\n- kvm-redhat-remove-extra-in-rhel_rhev_conflicts-macro.patch [bz#1618752]\n- Resolves: bz#1618752\n (qemu-kvm can't be installed in RHEL-8 as it Conflicts with itself.)\n[2.12.0-25.el8]\n- kvm-Migration-TLS-Fix-crash-due-to-double-cleanup.patch [bz#1594384]\n- Resolves: bz#1594384\n (2.12 migration fixes)\n[2.12.0-24.el8]\n- kvm-Add-qemu-keymap-to-qemu-kvm-common.patch [bz#1593117]\n- Resolves: bz#1593117\n (add qemu-keymap utility)\n[2.12.0-23.el8]\n- Fixing an issue with some old command in the spec file\n[2.12.0-22.el8]\n- Fix an issue with the build_configure script.\n- Resolves: bz#1425820\n (Improve QEMU packaging layout with modularization of the block layer)\n[2.12.0-20.el8]\n- kvm-migration-stop-compressing-page-in-migration-thread.patch [bz#1594384]\n- kvm-migration-stop-compression-to-allocate-and-free-memo.patch [bz#1594384]\n- kvm-migration-stop-decompression-to-allocate-and-free-me.patch [bz#1594384]\n- kvm-migration-detect-compression-and-decompression-error.patch [bz#1594384]\n- kvm-migration-introduce-control_save_page.patch [bz#1594384]\n- kvm-migration-move-some-code-to-ram_save_host_page.patch [bz#1594384]\n- kvm-migration-move-calling-control_save_page-to-the-comm.patch [bz#1594384]\n- kvm-migration-move-calling-save_zero_page-to-the-common-.patch [bz#1594384]\n- kvm-migration-introduce-save_normal_page.patch [bz#1594384]\n- kvm-migration-remove-ram_save_compressed_page.patch [bz#1594384]\n- kvm-migration-block-dirty-bitmap-fix-memory-leak-in-dirt.patch [bz#1594384]\n- kvm-migration-fix-saving-normal-page-even-if-it-s-been-c.patch [bz#1594384]\n- kvm-migration-update-index-field-when-delete-or-qsort-RD.patch [bz#1594384]\n- kvm-migration-introduce-decompress-error-check.patch [bz#1594384]\n- kvm-migration-Don-t-activate-block-devices-if-using-S.patch [bz#1594384]\n- kvm-migration-not-wait-RDMA_CM_EVENT_DISCONNECTED-event-.patch [bz#1594384]\n- kvm-migration-block-dirty-bitmap-fix-dirty_bitmap_load.patch [bz#1594384]\n- kvm-s390x-add-RHEL-7.6-machine-type-for-ccw.patch [bz#1595718]\n- kvm-s390x-cpumodel-default-enable-bpb-and-ppa15-for-z196.patch [bz#1595718]\n- kvm-linux-headers-asm-s390-kvm.h-header-sync.patch [bz#1612938]\n- kvm-s390x-kvm-add-etoken-facility.patch [bz#1612938]\n- Resolves: bz#1594384\n (2.12 migration fixes)\n- Resolves: bz#1595718\n (Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine)\n- Resolves: bz#1612938\n (Add etoken support to qemu-kvm for s390x KVM guests)\n[2.12.0-18.el8]\nMass import from RHEL 7.6 qemu-kvm-rhev, including fixes to the following BZs:\n- kvm-AArch64-Add-virt-rhel7.6-machine-type.patch [bz#1558723]\n- kvm-cpus-Fix-event-order-on-resume-of-stopped-guest.patch [bz#1566153]\n- kvm-qemu-img-Check-post-truncation-size.patch [bz#1523065]\n- kvm-vga-catch-depth-0.patch [bz#1575541]\n- kvm-Fix-x-hv-max-vps-compat-value-for-7.4-machine-type.patch [bz#1583959]\n- kvm-ccid-card-passthru-fix-regression-in-realize.patch [bz#1584984]\n- kvm-Use-4-MB-vram-for-cirrus.patch [bz#1542080]\n- kvm-spapr_pci-Remove-unhelpful-pagesize-warning.patch [bz#1505664]\n- kvm-rpm-Add-nvme-VFIO-driver-to-rw-whitelist.patch [bz#1416180]\n- kvm-qobject-Use-qobject_to-instead-of-type-cast.patch [bz#1557995]\n- kvm-qobject-Ensure-base-is-at-offset-0.patch [bz#1557995]\n- kvm-qobject-use-a-QObjectBase_-struct.patch [bz#1557995]\n- kvm-qobject-Replace-qobject_incref-QINCREF-qobject_decre.patch [bz#1557995]\n- kvm-qobject-Modify-qobject_ref-to-return-obj.patch [bz#1557995]\n- kvm-rbd-Drop-deprecated-drive-parameter-filename.patch [bz#1557995]\n- kvm-iscsi-Drop-deprecated-drive-parameter-filename.patch [bz#1557995]\n- kvm-block-Add-block-specific-QDict-header.patch [bz#1557995]\n- kvm-qobject-Move-block-specific-qdict-code-to-block-qdic.patch [bz#1557995]\n- kvm-block-Fix-blockdev-for-certain-non-string-scalars.patch [bz#1557995]\n- kvm-block-Fix-drive-for-certain-non-string-scalars.patch [bz#1557995]\n- kvm-block-Clean-up-a-misuse-of-qobject_to-in-.bdrv_co_cr.patch [bz#1557995]\n- kvm-block-Factor-out-qobject_input_visitor_new_flat_conf.patch [bz#1557995]\n- kvm-block-Make-remaining-uses-of-qobject-input-visitor-m.patch [bz#1557995]\n- kvm-block-qdict-Simplify-qdict_flatten_qdict.patch [bz#1557995]\n- kvm-block-qdict-Tweak-qdict_flatten_qdict-qdict_flatten_.patch [bz#1557995]\n- kvm-block-qdict-Clean-up-qdict_crumple-a-bit.patch [bz#1557995]\n- kvm-block-qdict-Simplify-qdict_is_list-some.patch [bz#1557995]\n- kvm-check-block-qdict-Rename-qdict_flatten-s-variables-f.patch [bz#1557995]\n- kvm-check-block-qdict-Cover-flattening-of-empty-lists-an.patch [bz#1557995]\n- kvm-block-Fix-blockdev-blockdev-add-for-empty-objects-an.patch [bz#1557995]\n- kvm-rbd-New-parameter-auth-client-required.patch [bz#1557995]\n- kvm-rbd-New-parameter-key-secret.patch [bz#1557995]\n- kvm-block-mirror-honor-ratelimit-again.patch [bz#1572856]\n- kvm-block-mirror-Make-cancel-always-cancel-pre-READY.patch [bz#1572856]\n- kvm-iotests-Add-test-for-cancelling-a-mirror-job.patch [bz#1572856]\n- kvm-iotests-Split-214-off-of-122.patch [bz#1518738]\n- kvm-block-Add-COR-filter-driver.patch [bz#1518738]\n- kvm-block-BLK_PERM_WRITE-includes-._UNCHANGED.patch [bz#1518738]\n- kvm-block-Add-BDRV_REQ_WRITE_UNCHANGED-flag.patch [bz#1518738]\n- kvm-block-Set-BDRV_REQ_WRITE_UNCHANGED-for-COR-writes.patch [bz#1518738]\n- kvm-block-quorum-Support-BDRV_REQ_WRITE_UNCHANGED.patch [bz#1518738]\n- kvm-block-Support-BDRV_REQ_WRITE_UNCHANGED-in-filters.patch [bz#1518738]\n- kvm-iotests-Clean-up-wrap-image-in-197.patch [bz#1518738]\n- kvm-iotests-Copy-197-for-COR-filter-driver.patch [bz#1518738]\n- kvm-iotests-Add-test-for-COR-across-nodes.patch [bz#1518738]\n- kvm-qemu-io-Use-purely-string-blockdev-options.patch [bz#1576598]\n- kvm-qemu-img-Use-only-string-options-in-img_open_opts.patch [bz#1576598]\n- kvm-iotests-Add-test-for-U-force-share-conflicts.patch [bz#1576598]\n- kvm-qemu-io-Drop-command-functions-return-values.patch [bz#1519617]\n- kvm-qemu-io-Let-command-functions-return-error-code.patch [bz#1519617]\n- kvm-qemu-io-Exit-with-error-when-a-command-failed.patch [bz#1519617]\n- kvm-iotests.py-Add-qemu_io_silent.patch [bz#1519617]\n- kvm-iotests-Let-216-make-use-of-qemu-io-s-exit-code.patch [bz#1519617]\n- kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch [bz#1527085]\n- kvm-iotests-Repairing-error-during-snapshot-deletion.patch [bz#1527085]\n- kvm-block-Make-bdrv_is_writable-public.patch [bz#1588039]\n- kvm-qcow2-Do-not-mark-inactive-images-corrupt.patch [bz#1588039]\n- kvm-iotests-Add-case-for-a-corrupted-inactive-image.patch [bz#1588039]\n- kvm-main-loop-drop-spin_counter.patch [bz#1168213]\n- kvm-target-ppc-Factor-out-the-parsing-in-kvmppc_get_cpu_.patch [bz#1560847]\n- kvm-target-ppc-Don-t-require-private-l1d-cache-on-POWER8.patch [bz#1560847]\n- kvm-ppc-spapr_caps-Don-t-disable-cap_cfpc-on-POWER8-by-d.patch [bz#1560847]\n- kvm-qxl-fix-local-renderer-crash.patch [bz#1567733]\n- kvm-qemu-img-Amendment-support-implies-create_opts.patch [bz#1537956]\n- kvm-block-Add-Error-parameter-to-bdrv_amend_options.patch [bz#1537956]\n- kvm-qemu-option-Pull-out-Supported-options-print.patch [bz#1537956]\n- kvm-qemu-img-Add-print_amend_option_help.patch [bz#1537956]\n- kvm-qemu-img-Recognize-no-creation-support-in-o-help.patch [bz#1537956]\n- kvm-iotests-Test-help-option-for-unsupporting-formats.patch [bz#1537956]\n- kvm-iotests-Rework-113.patch [bz#1537956]\n- kvm-qemu-img-Resolve-relative-backing-paths-in-rebase.patch [bz#1569835]\n- kvm-iotests-Add-test-for-rebasing-with-relative-paths.patch [bz#1569835]\n- kvm-qemu-img-Special-post-backing-convert-handling.patch [bz#1527898]\n- kvm-iotests-Test-post-backing-convert-target-behavior.patch [bz#1527898]\n- kvm-migration-calculate-expected_downtime-with-ram_bytes.patch [bz#1564576]\n- kvm-sheepdog-Fix-sd_co_create_opts-memory-leaks.patch [bz#1513543]\n- kvm-qemu-iotests-reduce-chance-of-races-in-185.patch [bz#1513543]\n- kvm-blockjob-do-not-cancel-timer-in-resume.patch [bz#1513543]\n- kvm-nfs-Fix-error-path-in-nfs_options_qdict_to_qapi.patch [bz#1513543]\n- kvm-nfs-Remove-processed-options-from-QDict.patch [bz#1513543]\n- kvm-blockjob-drop-block_job_pause-resume_all.patch [bz#1513543]\n- kvm-blockjob-expose-error-string-via-query.patch [bz#1513543]\n- kvm-blockjob-Fix-assertion-in-block_job_finalize.patch [bz#1513543]\n- kvm-blockjob-Wrappers-for-progress-counter-access.patch [bz#1513543]\n- kvm-blockjob-Move-RateLimit-to-BlockJob.patch [bz#1513543]\n- kvm-blockjob-Implement-block_job_set_speed-centrally.patch [bz#1513543]\n- kvm-blockjob-Introduce-block_job_ratelimit_get_delay.patch [bz#1513543]\n- kvm-blockjob-Add-block_job_driver.patch [bz#1513543]\n- kvm-blockjob-Update-block-job-pause-resume-documentation.patch [bz#1513543]\n- kvm-blockjob-Improve-BlockJobInfo.offset-len-documentati.patch [bz#1513543]\n- kvm-job-Create-Job-JobDriver-and-job_create.patch [bz#1513543]\n- kvm-job-Rename-BlockJobType-into-JobType.patch [bz#1513543]\n- kvm-job-Add-JobDriver.job_type.patch [bz#1513543]\n- kvm-job-Add-job_delete.patch [bz#1513543]\n- kvm-job-Maintain-a-list-of-all-jobs.patch [bz#1513543]\n- kvm-job-Move-state-transitions-to-Job.patch [bz#1513543]\n- kvm-job-Add-reference-counting.patch [bz#1513543]\n- kvm-job-Move-cancelled-to-Job.patch [bz#1513543]\n- kvm-job-Add-Job.aio_context.patch [bz#1513543]\n- kvm-job-Move-defer_to_main_loop-to-Job.patch [bz#1513543]\n- kvm-job-Move-coroutine-and-related-code-to-Job.patch [bz#1513543]\n- kvm-job-Add-job_sleep_ns.patch [bz#1513543]\n- kvm-job-Move-pause-resume-functions-to-Job.patch [bz#1513543]\n- kvm-job-Replace-BlockJob.completed-with-job_is_completed.patch [bz#1513543]\n- kvm-job-Move-BlockJobCreateFlags-to-Job.patch [bz#1513543]\n- kvm-blockjob-Split-block_job_event_pending.patch [bz#1513543]\n- kvm-job-Add-job_event_.patch [bz#1513543]\n- kvm-job-Move-single-job-finalisation-to-Job.patch [bz#1513543]\n- kvm-job-Convert-block_job_cancel_async-to-Job.patch [bz#1513543]\n- kvm-job-Add-job_drain.patch [bz#1513543]\n- kvm-job-Move-.complete-callback-to-Job.patch [bz#1513543]\n- kvm-job-Move-job_finish_sync-to-Job.patch [bz#1513543]\n- kvm-job-Switch-transactions-to-JobTxn.patch [bz#1513543]\n- kvm-job-Move-transactions-to-Job.patch [bz#1513543]\n- kvm-job-Move-completion-and-cancellation-to-Job.patch [bz#1513543]\n- kvm-block-Cancel-job-in-bdrv_close_all-callers.patch [bz#1513543]\n- kvm-job-Add-job_yield.patch [bz#1513543]\n- kvm-job-Add-job_dismiss.patch [bz#1513543]\n- kvm-job-Add-job_is_ready.patch [bz#1513543]\n- kvm-job-Add-job_transition_to_ready.patch [bz#1513543]\n- kvm-job-Move-progress-fields-to-Job.patch [bz#1513543]\n- kvm-job-Introduce-qapi-job.json.patch [bz#1513543]\n- kvm-job-Add-JOB_STATUS_CHANGE-QMP-event.patch [bz#1513543]\n- kvm-job-Add-lifecycle-QMP-commands.patch [bz#1513543]\n- kvm-job-Add-query-jobs-QMP-command.patch [bz#1513543]\n- kvm-blockjob-Remove-BlockJob.driver.patch [bz#1513543]\n- kvm-iotests-Move-qmp_to_opts-to-VM.patch [bz#1513543]\n- kvm-qemu-iotests-Test-job-with-block-jobs.patch [bz#1513543]\n- kvm-vdi-Fix-vdi_co_do_create-return-value.patch [bz#1513543]\n- kvm-vhdx-Fix-vhdx_co_create-return-value.patch [bz#1513543]\n- kvm-job-Add-error-message-for-failing-jobs.patch [bz#1513543]\n- kvm-block-create-Make-x-blockdev-create-a-job.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.get_qmp_events_filtered.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.qmp_log.patch [bz#1513543]\n- kvm-qemu-iotests-Add-iotests.img_info_log.patch [bz#1513543]\n- kvm-qemu-iotests-Add-VM.run_job.patch [bz#1513543]\n- kvm-qemu-iotests-iotests.py-helper-for-non-file-protocol.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-206-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-207-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-210-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-211-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-212-for-blockdev-create-job.patch [bz#1513543]\n- kvm-qemu-iotests-Rewrite-213-for-blockdev-create-job.patch [bz#1513543]\n- kvm-block-create-Mark-blockdev-create-stable.patch [bz#1513543]\n- kvm-jobs-fix-stale-wording.patch [bz#1513543]\n- kvm-jobs-fix-verb-references-in-docs.patch [bz#1513543]\n- kvm-iotests-Fix-219-s-timing.patch [bz#1513543]\n- kvm-iotests-improve-pause_job.patch [bz#1513543]\n- kvm-rpm-Whitelist-copy-on-read-block-driver.patch [bz#1518738]\n- kvm-rpm-add-throttle-driver-to-rw-whitelist.patch [bz#1591076]\n- kvm-usb-host-skip-open-on-pending-postload-bh.patch [bz#1572851]\n- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574216]\n- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574216]\n- kvm-block-file-posix-Pass-FD-to-locking-helpers.patch [bz#1519144]\n- kvm-block-file-posix-File-locking-during-creation.patch [bz#1519144]\n- kvm-iotests-Add-creation-test-to-153.patch [bz#1519144]\n- kvm-vhost-user-add-Net-prefix-to-internal-state-structur.patch [bz#1526645]\n- kvm-virtio-support-setting-memory-region-based-host-noti.patch [bz#1526645]\n- kvm-vhost-user-support-receiving-file-descriptors-in-sla.patch [bz#1526645]\n- kvm-osdep-add-wait.h-compat-macros.patch [bz#1526645]\n- kvm-vhost-user-bridge-support-host-notifier.patch [bz#1526645]\n- kvm-vhost-allow-backends-to-filter-memory-sections.patch [bz#1526645]\n- kvm-vhost-user-allow-slave-to-send-fds-via-slave-channel.patch [bz#1526645]\n- kvm-vhost-user-introduce-shared-vhost-user-state.patch [bz#1526645]\n- kvm-vhost-user-support-registering-external-host-notifie.patch [bz#1526645]\n- kvm-libvhost-user-support-host-notifier.patch [bz#1526645]\n- kvm-block-Introduce-API-for-copy-offloading.patch [bz#1482537]\n- kvm-raw-Check-byte-range-uniformly.patch [bz#1482537]\n- kvm-raw-Implement-copy-offloading.patch [bz#1482537]\n- kvm-qcow2-Implement-copy-offloading.patch [bz#1482537]\n- kvm-file-posix-Implement-bdrv_co_copy_range.patch [bz#1482537]\n- kvm-iscsi-Query-and-save-device-designator-when-opening.patch [bz#1482537]\n- kvm-iscsi-Create-and-use-iscsi_co_wait_for_task.patch [bz#1482537]\n- kvm-iscsi-Implement-copy-offloading.patch [bz#1482537]\n- kvm-block-backend-Add-blk_co_copy_range.patch [bz#1482537]\n- kvm-qemu-img-Convert-with-copy-offloading.patch [bz#1482537]\n- kvm-qcow2-Fix-src_offset-in-copy-offloading.patch [bz#1482537]\n- kvm-iscsi-Don-t-blindly-use-designator-length-in-respons.patch [bz#1482537]\n- kvm-file-posix-Fix-EINTR-handling.patch [bz#1482537]\n- kvm-usb-storage-Add-rerror-werror-properties.patch [bz#1595180]\n- kvm-numa-clarify-error-message-when-node-index-is-out-of.patch [bz#1578381]\n- kvm-qemu-iotests-Update-026.out.nocache-reference-output.patch [bz#1528541]\n- kvm-qcow2-Free-allocated-clusters-on-write-error.patch [bz#1528541]\n- kvm-qemu-iotests-Test-qcow2-not-leaking-clusters-on-writ.patch [bz#1528541]\n- kvm-qemu-options-Add-missing-newline-to-accel-help-text.patch [bz#1586313]\n- kvm-xhci-fix-guest-triggerable-assert.patch [bz#1594135]\n- kvm-virtio-gpu-tweak-scanout-disable.patch [bz#1589634]\n- kvm-virtio-gpu-update-old-resource-too.patch [bz#1589634]\n- kvm-virtio-gpu-disable-scanout-when-backing-resource-is-.patch [bz#1589634]\n- kvm-block-Don-t-silently-truncate-node-names.patch [bz#1549654]\n- kvm-pr-helper-fix-socket-path-default-in-help.patch [bz#1533158]\n- kvm-pr-helper-fix-assertion-failure-on-failed-multipath-.patch [bz#1533158]\n- kvm-pr-manager-helper-avoid-SIGSEGV-when-writing-to-the-.patch [bz#1533158]\n- kvm-pr-manager-put-stubs-in-.c-file.patch [bz#1533158]\n- kvm-pr-manager-add-query-pr-managers-QMP-command.patch [bz#1533158]\n- kvm-pr-manager-helper-report-event-on-connection-disconn.patch [bz#1533158]\n- kvm-pr-helper-avoid-error-on-PR-IN-command-with-zero-req.patch [bz#1533158]\n- kvm-pr-helper-Rework-socket-path-handling.patch [bz#1533158]\n- kvm-pr-manager-helper-fix-memory-leak-on-event.patch [bz#1533158]\n- kvm-object-fix-OBJ_PROP_LINK_UNREF_ON_RELEASE-ambivalenc.patch [bz#1556678]\n- kvm-usb-hcd-xhci-test-add-a-test-for-ccid-hotplug.patch [bz#1556678]\n- kvm-Revert-usb-release-the-created-buses.patch [bz#1556678]\n- kvm-file-posix-Fix-creation-locking.patch [bz#1599335]\n- kvm-file-posix-Unlock-FD-after-creation.patch [bz#1599335]\n- kvm-ahci-trim-signatures-on-raise-lower.patch [bz#1584914]\n- kvm-ahci-fix-PxCI-register-race.patch [bz#1584914]\n- kvm-ahci-don-t-schedule-unnecessary-BH.patch [bz#1584914]\n- kvm-qcow2-Fix-qcow2_truncate-error-return-value.patch [bz#1595173]\n- kvm-block-Convert-.bdrv_truncate-callback-to-coroutine_f.patch [bz#1595173]\n- kvm-qcow2-Remove-coroutine-trampoline-for-preallocate_co.patch [bz#1595173]\n- kvm-block-Move-bdrv_truncate-implementation-to-io.c.patch [bz#1595173]\n- kvm-block-Use-tracked-request-for-truncate.patch [bz#1595173]\n- kvm-file-posix-Make-.bdrv_co_truncate-asynchronous.patch [bz#1595173]\n- kvm-block-Fix-copy-on-read-crash-with-partial-final-clus.patch [bz#1590640]\n- kvm-block-fix-QEMU-crash-with-scsi-hd-and-drive_del.patch [bz#1599515]\n- kvm-virtio-rng-process-pending-requests-on-DRIVER_OK.patch [bz#1576743]\n- kvm-file-posix-specify-expected-filetypes.patch [bz#1525829]\n- kvm-iotests-add-test-226-for-file-driver-types.patch [bz#1525829]\n- kvm-block-dirty-bitmap-add-lock-to-bdrv_enable-disable_d.patch [bz#1207657]\n- kvm-qapi-add-x-block-dirty-bitmap-enable-disable.patch [bz#1207657]\n- kvm-qmp-transaction-support-for-x-block-dirty-bitmap-ena.patch [bz#1207657]\n- kvm-qapi-add-x-block-dirty-bitmap-merge.patch [bz#1207657]\n- kvm-qapi-add-disabled-parameter-to-block-dirty-bitmap-ad.patch [bz#1207657]\n- kvm-block-dirty-bitmap-add-bdrv_enable_dirty_bitmap_lock.patch [bz#1207657]\n- kvm-dirty-bitmap-fix-double-lock-on-bitmap-enabling.patch [bz#1207657]\n- kvm-block-qcow2-bitmap-fix-free_bitmap_clusters.patch [bz#1207657]\n- kvm-qcow2-add-overlap-check-for-bitmap-directory.patch [bz#1207657]\n- kvm-blockdev-enable-non-root-nodes-for-backup-source.patch [bz#1207657]\n- kvm-iotests-add-222-to-test-basic-fleecing.patch [bz#1207657]\n- kvm-qcow2-Remove-dead-check-on-ret.patch [bz#1207657]\n- kvm-block-Move-request-tracking-to-children-in-copy-offl.patch [bz#1207657]\n- kvm-block-Fix-parameter-checking-in-bdrv_co_copy_range_i.patch [bz#1207657]\n- kvm-block-Honour-BDRV_REQ_NO_SERIALISING-in-copy-range.patch [bz#1207657]\n- kvm-backup-Use-copy-offloading.patch [bz#1207657]\n- kvm-block-backup-disable-copy-offloading-for-backup.patch [bz#1207657]\n- kvm-iotests-222-Don-t-run-with-luks.patch [bz#1207657]\n- kvm-block-io-fix-copy_range.patch [bz#1207657]\n- kvm-block-split-flags-in-copy_range.patch [bz#1207657]\n- kvm-block-add-BDRV_REQ_SERIALISING-flag.patch [bz#1207657]\n- kvm-block-backup-fix-fleecing-scheme-use-serialized-writ.patch [bz#1207657]\n- kvm-nbd-server-Reject-0-length-block-status-request.patch [bz#1207657]\n- kvm-nbd-server-fix-trace.patch [bz#1207657]\n- kvm-nbd-server-refactor-NBDExportMetaContexts.patch [bz#1207657]\n- kvm-nbd-server-add-nbd_meta_empty_or_pattern-helper.patch [bz#1207657]\n- kvm-nbd-server-implement-dirty-bitmap-export.patch [bz#1207657]\n- kvm-qapi-new-qmp-command-nbd-server-add-bitmap.patch [bz#1207657]\n- kvm-docs-interop-add-nbd.txt.patch [bz#1207657]\n- kvm-nbd-server-introduce-NBD_CMD_CACHE.patch [bz#1207657]\n- kvm-nbd-server-Silence-gcc-false-positive.patch [bz#1207657]\n- kvm-nbd-server-Fix-dirty-bitmap-logic-regression.patch [bz#1207657]\n- kvm-nbd-server-fix-nbd_co_send_block_status.patch [bz#1207657]\n- kvm-nbd-client-Add-x-dirty-bitmap-to-query-bitmap-from-s.patch [bz#1207657]\n- kvm-iotests-New-test-223-for-exporting-dirty-bitmap-over.patch [bz#1207657]\n- kvm-hw-char-serial-Only-retry-if-qemu_chr_fe_write-retur.patch [bz#1592817]\n- kvm-hw-char-serial-retry-write-if-EAGAIN.patch [bz#1592817]\n- kvm-throttle-groups-fix-hang-when-group-member-leaves.patch [bz#1535914]\n- kvm-Disable-aarch64-devices-reappeared-after-2.12-rebase.patch [bz#1586357]\n- kvm-Disable-split-irq-device.patch [bz#1586357]\n- kvm-Disable-AT24Cx-i2c-eeprom.patch [bz#1586357]\n- kvm-Disable-CAN-bus-devices.patch [bz#1586357]\n- kvm-Disable-new-superio-devices.patch [bz#1586357]\n- kvm-Disable-new-pvrdma-device.patch [bz#1586357]\n- kvm-qdev-add-HotplugHandler-post_plug-callback.patch [bz#1607891]\n- kvm-virtio-scsi-fix-hotplug-reset-vs-event-race.patch [bz#1607891]\n- kvm-e1000-Fix-tso_props-compat-for-82540em.patch [bz#1608778]\n- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586255]\n- kvm-s390x-sclp-fix-maxram-calculation.patch [bz#1595740]\n- kvm-redhat-Make-gitpublish-profile-the-default-one.patch [bz#1425820]\n- Resolves: bz#1168213\n (main-loop: WARNING: I/O thread spun for 1000 iterations while doing stream block device.)\n- Resolves: bz#1207657\n (RFE: QEMU Incremental live backup - push and pull modes)\n- Resolves: bz#1416180\n (QEMU VFIO based block driver for NVMe devices)\n- Resolves: bz#1425820\n (Improve QEMU packaging layout with modularization of the block layer)\n- Resolves: bz#1482537\n ([RFE] qemu-img copy-offloading (convert command))\n- Resolves: bz#1505664\n ('qemu-kvm: System page size 0x1000000 is not enabled in page_size_mask (0x11000). Performance may be slow' show up while using hugepage as guest's memory)\n- Resolves: bz#1513543\n ([RFE] Add block job to create format on a storage device)\n- Resolves: bz#1518738\n (Add 'copy-on-read' filter driver for use with blockdev-add)\n- Resolves: bz#1519144\n (qemu-img: image locking doesn't cover image creation)\n- Resolves: bz#1519617\n (The exit code should be non-zero when qemu-io reports an error)\n- Resolves: bz#1523065\n ('qemu-img resize' should fail to decrease the size of logical partition/lvm/iSCSI image with raw format)\n- Resolves: bz#1525829\n (can not boot up a scsi-block passthrough disk via -blockdev with error 'cannot get SG_IO version number: Operation not supported. Is this a SCSI device?')\n- Resolves: bz#1526645\n ([Intel 7.6 FEAT] vHost Data Plane Acceleration (vDPA) - vhost user client - qemu-kvm-rhev)\n- Resolves: bz#1527085\n (The copied flag should be updated during '-r leaks')\n- Resolves: bz#1527898\n ([RFE] qemu-img should leave cluster unallocated if it's read as zero throughout the backing chain)\n- Resolves: bz#1528541\n (qemu-img check reports tons of leaked clusters after re-start nfs service to resume writing data in guest)\n- Resolves: bz#1533158\n (QEMU support for libvirtd restarting qemu-pr-helper)\n- Resolves: bz#1535914\n (Disable io throttling for one member disk of a group during io will induce the other one hang with io)\n- Resolves: bz#1537956\n (RFE: qemu-img amend should list the true supported options)\n- Resolves: bz#1542080\n (Qemu core dump at cirrus_invalidate_region)\n- Resolves: bz#1549654\n (Reject node-names which would be truncated by the block layer commands)\n- Resolves: bz#1556678\n (Hot plug usb-ccid for the 2nd time with the same ID as the 1st time failed)\n- Resolves: bz#1557995\n (QAPI schema for RBD storage misses the 'password-secret' option)\n- Resolves: bz#1558723\n (Create RHEL-7.6 QEMU machine type for AArch64)\n- Resolves: bz#1560847\n ([Power8][FW b0320a_1812.861][rhel7.5rc2 3.10.0-861.el7.ppc64le][qemu-kvm-{ma,rhev}-2.10.0-21.el7_5.1.ppc64le] KVM guest does not default to ori type flush even with pseries-rhel7.5.0-sxxm)\n- Resolves: bz#1564576\n (Pegas 1.1 - Require to backport qemu-kvm patch that fixes expected_downtime calculation during migration)\n- Resolves: bz#1566153\n (IOERROR pause code lost after resuming a VM while I/O error is still present)\n- Resolves: bz#1567733\n (qemu abort when migrate during guest reboot)\n- Resolves: bz#1569835\n (qemu-img get wrong backing file path after rebasing image with relative path)\n- Resolves: bz#1572851\n (Core dumped after migration when with usb-host)\n- Resolves: bz#1572856\n ('block-job-cancel' can not cancel a 'drive-mirror' job)\n- Resolves: bz#1574216\n (CVE-2018-3639 qemu-kvm-rhev: hw: cpu: speculative store bypass [rhel-7.6])\n- Resolves: bz#1575541\n (qemu core dump while installing win10 guest)\n- Resolves: bz#1576598\n (Segfault in qemu-io and qemu-img with -U --image-opts force-share=off)\n- Resolves: bz#1576743\n (virtio-rng hangs when running on recent (2.x) QEMU versions)\n- Resolves: bz#1578381\n (Error message need update when specify numa distance with node index >=128)\n- Resolves: bz#1583959\n (Incorrect vcpu count limit for 7.4 machine types for windows guests)\n- Resolves: bz#1584914\n (SATA emulator lags and hangs)\n- Resolves: bz#1584984\n (Vm starts failed with 'passthrough' smartcard)\n- Resolves: bz#1586255\n (CVE-2018-11806 qemu-kvm-rhev: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6])\n- Resolves: bz#1586313\n (-smp option is not easily found in the output of qemu help)\n- Resolves: bz#1586357\n (Disable new devices in 2.12)\n- Resolves: bz#1588039\n (Possible assertion failure in qemu when a corrupted image is used during an incoming migration)\n- Resolves: bz#1589634\n (Migration failed when rebooting guest with multiple virtio videos)\n- Resolves: bz#1590640\n (qemu-kvm: block/io.c:1098: bdrv_co_do_copy_on_readv: Assertion mutex->initialized' failed))\n- Resolves: bz#1607891\n (Hotplug events are sometimes lost with virtio-scsi + iothread)\n- Resolves: bz#1608778\n (qemu/migration: migrate failed from RHEL.7.6 to RHEL.7.5 with e1000-82540em)\n[2.12.0-17.el8]\n- kvm-linux-headers-Update-to-include-KVM_CAP_S390_HPAGE_1.patch [bz#1610906]\n- kvm-s390x-Enable-KVM-huge-page-backing-support.patch [bz#1610906]\n- kvm-redhat-s390x-add-hpage-1-to-kvm.conf.patch [bz#1610906]\n- Resolves: bz#1610906\n ([IBM 8.0 FEAT] KVM: Huge Pages - libhugetlbfs Enablement - qemu-kvm part)\n[2.12.0-16.el8]\n- kvm-spapr-Correct-inverted-test-in-spapr_pc_dimm_node.patch [bz#1601671]\n- kvm-osdep-powerpc64-align-memory-to-allow-2MB-radix-THP-.patch [bz#1601317]\n- kvm-RHEL-8.0-Add-pseries-rhel7.6.0-sxxm-machine-type.patch [bz#1595501]\n- kvm-i386-Helpers-to-encode-cache-information-consistentl.patch [bz#1597739]\n- kvm-i386-Add-cache-information-in-X86CPUDefinition.patch [bz#1597739]\n- kvm-i386-Initialize-cache-information-for-EPYC-family-pr.patch [bz#1597739]\n- kvm-i386-Add-new-property-to-control-cache-info.patch [bz#1597739]\n- kvm-i386-Clean-up-cache-CPUID-code.patch [bz#1597739]\n- kvm-i386-Populate-AMD-Processor-Cache-Information-for-cp.patch [bz#1597739]\n- kvm-i386-Add-support-for-CPUID_8000_001E-for-AMD.patch [bz#1597739]\n- kvm-i386-Fix-up-the-Node-id-for-CPUID_8000_001E.patch [bz#1597739]\n- kvm-i386-Enable-TOPOEXT-feature-on-AMD-EPYC-CPU.patch [bz#1597739]\n- kvm-i386-Remove-generic-SMT-thread-check.patch [bz#1597739]\n- kvm-i386-Allow-TOPOEXT-to-be-enabled-on-older-kernels.patch [bz#1597739]\n- Resolves: bz#1595501\n (Create pseries-rhel7.6.0-sxxm machine type)\n- Resolves: bz#1597739\n (AMD EPYC/Zen SMT support for KVM / QEMU guest (qemu-kvm))\n- Resolves: bz#1601317\n (RHEL8.0 - qemu patch to align memory to allow 2MB THP)\n- Resolves: bz#1601671\n (After rebooting guest,all the hot plug memory will be assigned to the 1st numa node.)\n[2.12.0-15.el8]\n- kvm-spapr-Add-ibm-max-associativity-domains-property.patch [bz#1599593]\n- kvm-Revert-spapr-Don-t-allow-memory-hotplug-to-memory-le.patch [bz#1599593]\n- kvm-simpletrace-Convert-name-from-mapping-record-to-str.patch [bz#1594969]\n- kvm-tests-fix-TLS-handshake-failure-with-TLS-1.3.patch [bz#1602403]\n- Resolves: bz#1594969\n (simpletrace.py fails when running with Python 3)\n- Resolves: bz#1599593\n (User can't hotplug memory to less memory numa node on rhel8)\n- Resolves: bz#1602403\n (test-crypto-tlssession unit test fails with assertions)\n[2.12.0-14.el8]\n- kvm-vfio-pci-Default-display-option-to-off.patch [bz#1590511]\n- kvm-python-futurize-f-libfuturize.fixes.fix_print_with_i.patch [bz#1571533]\n- kvm-python-futurize-f-lib2to3.fixes.fix_except.patch [bz#1571533]\n- kvm-Revert-Defining-a-shebang-for-python-scripts.patch [bz#1571533]\n- kvm-spec-Fix-ambiguous-python-interpreter-name.patch [bz#1571533]\n- kvm-qemu-ga-blacklisting-guest-exec-and-guest-exec-statu.patch [bz#1518132]\n- kvm-redhat-rewrap-build_configure.sh-cmdline-for-the-rh-.patch\n- kvm-redhat-remove-the-VTD-LIVE_BLOCK_OPS-and-RHV-options.patch\n- kvm-redhat-fix-the-rh-env-prep-target-s-dependency-on-th.patch\n- kvm-redhat-remove-dead-code-related-to-s390-not-s390x.patch\n- kvm-redhat-sync-compiler-flags-from-the-spec-file-to-rh-.patch\n- kvm-redhat-sync-guest-agent-enablement-and-tcmalloc-usag.patch\n- kvm-redhat-fix-up-Python-3-dependency-for-building-QEMU.patch\n- kvm-redhat-fix-up-Python-dependency-for-SRPM-generation.patch\n- kvm-redhat-disable-glusterfs-dependency-support-temporar.patch\n- Resolves: bz#1518132\n (Ensure file access RPCs are disabled by default)\n- Resolves: bz#1571533\n (Convert qemu-kvm python scripts to python3)\n- Resolves: bz#1590511\n (Fails to start guest with Intel vGPU device)\n[2.12.0-13.el8]\n- Resolves: bz#1508137\n ([IBM 8.0 FEAT] KVM: Interactive Bootloader (qemu))\n- Resolves: bz#1513558\n (Remove RHEL6 machine types)\n- Resolves: bz#1568600\n (pc-i440fx-rhel7.6.0 and pc-q35-rhel7.6.0 machine types (x86))\n- Resolves: bz#1570029\n ([IBM 8.0 FEAT] KVM: 3270 Connectivity - qemu part)\n- Resolves: bz#1578855\n (Enable Native Ceph support on non x86_64 CPUs)\n- Resolves: bz#1585651\n (RHEL 7.6 new pseries machine type (ppc64le))\n- Resolves: bz#1592337\n ([IBM 8.0 FEAT] KVM: CPU Model z14 ZR1 (qemu-kvm))\n[2.12.0-11.el8.1]\n- Resolves: bz#1576468\n (Enable vhost_user in qemu-kvm 2.12)\n[2.12.0-11.el8]\n- Resolves: bz#1574406\n ([RHEL 8][qemu-kvm] Failed to find romfile 'efi-virtio.rom')\n- Resolves: bz#1569675\n (Backwards compatibility of pc-*-rhel7.5.0 and older machine-types)\n- Resolves: bz#1576045\n (Fix build issue by using python3)\n- Resolves: bz#1571145\n (qemu-kvm segfaults on RHEL 8 when run guestfsd under TCG)\n[2.12.0-10.el]\n- Fixing some issues with packaging.\n- Rebasing to 2.12.0-rc4\n[2.11.0-7.el8]\n- Bumping epoch for RHEL8 and dropping self-obsoleting\n[2.11.0-6.el8]\n- Rebuilding\n[2.11.0-5.el8]\n- Prepare building on RHEL-8.0\nsgabios", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-17T00:00:00", "type": "oraclelinux", "title": "virt:ol security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11806", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-17963", "CVE-2018-20815", "CVE-2018-3639", "CVE-2019-10132", "CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168", "CVE-2019-11091", "CVE-2019-11135", "CVE-2019-12155", "CVE-2019-14378", "CVE-2019-15890", "CVE-2019-6501", "CVE-2019-6778"], "modified": "2020-02-17T00:00:00", "id": "ELSA-2020-0279", "href": "http://linux.oracle.com/errata/ELSA-2020-0279.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:23", "description": "buildah\n[1.5-8.gite94b4f9.0.1]\n- Fixes troubles with oracle registry login [Orabug: 29937283]\n[1.5-8.gite94b4f9]\n- bump release to preserve upgrade path\n- Related: #1821193\n[1.5-4.gite94b4f9]\n- fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'\n- Resolves: #1818127\n[1.5-3.gite94b4f9]\n- re-enable debuginfo\n[1.5-2.gite94b4f9]\n- go toolset not in scl anymore\n[1.5-1.gite94b4f9]\n- rebase\n[1.4-3.git608fa84]\n- fedora-like go compiler macro in buildrequires is enough\n[1.4-2.git608fa84]\n- rebase\n[1.3-3.git4888163]\n- Resolves: #1615611 - rebuild with gobuild tag 'no_openssl'\n[1.3-2.git4888163]\n- Resolves: #1614009 - built with updated scl-ized go-toolset dep\n- build with %gobuild\n[1.3-1]\n- Bump to v1.3\n- Vendor in lates containers/image\n- build-using-dockerfile: let -t include transports again\n- Block use of /proc/acpi and /proc/keys from inside containers\n- Fix handling of --registries-conf\n- Fix becoming a maintainer link\n- add optional CI test fo darwin\n- Don't pass a nil error to errors.Wrapf()\n- image filter test: use kubernetes/pause as a 'since'\n- Add --cidfile option to from\n- vendor: update containers/storage\n- Contributors need to find the CONTRIBUTOR.md file easier\n- Add a --loglevel option to build-with-dockerfile\n- Create Development plan\n- cmd: Code improvement\n- allow buildah cross compile for a darwin target\n- Add unused function param lint check\n- docs: Follow man-pages(7) suggestions for SYNOPSIS\n- Start using github.com/seccomp/containers-golang\n- umount: add all option to umount all mounted containers\n- runConfigureNetwork(): remove an unused parameter\n- Update github.com/opencontainers/selinux\n- Fix buildah bud --layers\n- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0\n- main: if unprivileged, reexec in a user namespace\n- Vendor in latest imagebuilder\n- Reduce the complexity of the buildah.Run function\n- mount: output it before replacing lastError\n- Vendor in latest selinux-go code\n- Implement basic recognition of the '--isolation' option\n- Run(): try to resolve non-absolute paths using /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/opc/.local/bin:/home/opc/bin\n- Run(): don't include any default environment variables\n- build without seccomp\n- vendor in latest runtime-tools\n- bind/mount_unsupported.go: remove import errors\n- Update github.com/opencontainers/runc\n- Add Capabilities lists to BuilderInfo\n- Tweaks for commit tests\n- commit: recognize committing to second storage locations\n- Fix ARGS parsing for run commands\n- Add info on registries.conf to from manpage\n- Switch from using docker to podman for testing in .papr\n- buildah: set the HTTP User-Agent\n- ONBUILD tutorial\n- Add information about the configuration files to the install docs\n- Makefile: add uninstall\n- Add tilde info for push to troubleshooting\n- mount: support multiple inputs\n- Use the right formatting when adding entries to /etc/hosts\n- Vendor in latest go-selinux bindings\n- Allow --userns-uid-map/--userns-gid-map to be global options\n- bind: factor out UnmountMountpoints\n- Run(): simplify runCopyStdio()\n- Run(): handle POLLNVAL results\n- Run(): tweak terminal mode handling\n- Run(): rename 'copyStdio' to 'copyPipes'\n- Run(): don't set a Pdeathsig for the runtime\n- Run(): add options for adding and removing capabilities\n- Run(): don't use a callback when a slice will do\n- setupSeccomp(): refactor\n- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers\n- Escape use of '_' in .md docs\n- Break out getProcIDMappings()\n- Break out SetupIntermediateMountNamespace()\n- Add Multi From Demo\n- Use the c/image conversion code instead of converting configs manually\n- Don't throw away the manifest MIME type and guess again\n- Consolidate loading manifest and config in initConfig\n- Pass a types.Image to Builder.initConfig\n- Require an image ID in importBuilderDataFromImage\n- Use c/image/manifest.GuessMIMEType instead of a custom heuristic\n- Do not ignore any parsing errors in initConfig\n- Explicitly handle 'from scratch' images in Builder.initConfig\n- Fix parsing of OCI images\n- Simplify dead but dangerous-looking error handling\n- Don't ignore v2s1 history if docker_version is not set\n- Add --rm and --force-rm to buildah bud\n- Add --all,-a flag to buildah images\n- Separate stdio buffering from writing\n- Remove tty check from images --format\n- Add environment variable BUILDAH_RUNTIME\n- Add --layers and --no-cache to buildah bud\n- Touch up images man\n- version.md: fix DESCRIPTION\n- tests: add containers test\n- tests: add images test\n- images: fix usage\n- fix make clean error\n- Change 'registries' to 'container registries' in man\n- add commit test\n- Add(): learn to record hashes of what we add\n- Minor update to buildah config documentation for entrypoint\n- Bump to v1.2-dev\n- Add registries.conf link to a few man pages\n[1.2-3]\n- do not depend on btrfs-progs for rhel8\n[1.2-2]\n- buildah does not require ostree\n[1.2-1]\n- Vendor in latest containers/image\n- build-using-dockerfile: let -t include transports again\n- Block use of /proc/acpi and /proc/keys from inside containers\n- Fix handling of --registries-conf\n- Fix becoming a maintainer link\n- add optional CI test fo darwin\n- Don't pass a nil error to errors.Wrapf()\n- image filter test: use kubernetes/pause as a 'since'\n- Add --cidfile option to from\n- vendor: update containers/storage\n- Contributors need to find the CONTRIBUTOR.md file easier\n- Add a --loglevel option to build-with-dockerfile\n- Create Development plan\n- cmd: Code improvement\n- allow buildah cross compile for a darwin target\n- Add unused function param lint check\n- docs: Follow man-pages(7) suggestions for SYNOPSIS\n- Start using github.com/seccomp/containers-golang\n- umount: add all option to umount all mounted containers\n- runConfigureNetwork(): remove an unused parameter\n- Update github.com/opencontainers/selinux\n- Fix buildah bud --layers\n- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0\n- main: if unprivileged, reexec in a user namespace\n- Vendor in latest imagebuilder\n- Reduce the complexity of the buildah.Run function\n- mount: output it before replacing lastError\n- Vendor in latest selinux-go code\n- Implement basic recognition of the '--isolation' option\n- Run(): try to resolve non-absolute paths using /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/opc/.local/bin:/home/opc/bin\n- Run(): don't include any default environment variables\n- build without seccomp\n- vendor in latest runtime-tools\n- bind/mount_unsupported.go: remove import errors\n- Update github.com/opencontainers/runc\n- Add Capabilities lists to BuilderInfo\n- Tweaks for commit tests\n- commit: recognize committing to second storage locations\n- Fix ARGS parsing for run commands\n- Add info on registries.conf to from manpage\n- Switch from using docker to podman for testing in .papr\n- buildah: set the HTTP User-Agent\n- ONBUILD tutorial\n- Add information about the configuration files to the install docs\n- Makefile: add uninstall\n- Add tilde info for push to troubleshooting\n- mount: support multiple inputs\n- Use the right formatting when adding entries to /etc/hosts\n- Vendor in latest go-selinux bindings\n- Allow --userns-uid-map/--userns-gid-map to be global options\n- bind: factor out UnmountMountpoints\n- Run(): simplify runCopyStdio()\n- Run(): handle POLLNVAL results\n- Run(): tweak terminal mode handling\n- Run(): rename 'copyStdio' to 'copyPipes'\n- Run(): don't set a Pdeathsig for the runtime\n- Run(): add options for adding and removing capabilities\n- Run(): don't use a callback when a slice will do\n- setupSeccomp(): refactor\n- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers\n- Escape use of '_' in .md docs\n- Break out getProcIDMappings()\n- Break out SetupIntermediateMountNamespace()\n- Add Multi From Demo\n- Use the c/image conversion code instead of converting configs manually\n- Don't throw away the manifest MIME type and guess again\n- Consolidate loading manifest and config in initConfig\n- Pass a types.Image to Builder.initConfig\n- Require an image ID in importBuilderDataFromImage\n- Use c/image/manifest.GuessMIMEType instead of a custom heuristic\n- Do not ignore any parsing errors in initConfig\n- Explicitly handle 'from scratch' images in Builder.initConfig\n- Fix parsing of OCI images\n- Simplify dead but dangerous-looking error handling\n- Don't ignore v2s1 history if docker_version is not set\n- Add --rm and --force-rm to buildah bud\n- Add --all,-a flag to buildah images\n- Separate stdio buffering from writing\n- Remove tty check from images --format\n- Add environment variable BUILDAH_RUNTIME\n- Add --layers and --no-cache to buildah bud\n- Touch up images man\n- version.md: fix DESCRIPTION\n- tests: add containers test\n- tests: add images test\n- images: fix usage\n- fix make clean error\n- Change 'registries' to 'container registries' in man\n- add commit test\n- Add(): learn to record hashes of what we add\n- Minor update to buildah config documentation for entrypoint\n- Add registries.conf link to a few man pages\n[1.1-1]\n- Drop capabilities if running container processes as non root\n- Print Warning message if cmd will not be used based on entrypoint\n- Update 01-intro.md\n- Shouldn't add insecure registries to list of search registries\n- Report errors on bad transports specification when pushing images\n- Move parsing code out of common for namespaces and into pkg/parse.go\n- Add disable-content-trust noop flag to bud\n- Change freenode chan to buildah\n- runCopyStdio(): don't close stdin unless we saw POLLHUP\n- Add registry errors for pull\n- runCollectOutput(): just read until the pipes are closed on us\n- Run(): provide redirection for stdio\n- rmi, rm: add test\n- add mount test\n- Add parameter judgment for commands that do not require parameters\n- Add context dir to bud command in baseline test\n- run.bats: check that we can run with symlinks in the bundle path\n- Give better messages to users when image can not be found\n- use absolute path for bundlePath\n- Add environment variable to buildah --format\n- rm: add validation to args and all option\n- Accept json array input for config entrypoint\n- Run(): process RunOptions.Mounts, and its flags\n- Run(): only collect error output from stdio pipes if we created some\n- Add OnBuild support for Dockerfiles\n- Quick fix on demo readme\n- run: fix validate flags\n- buildah bud should require a context directory or URL\n- Touchup tutorial for run changes\n- Validate common bud and from flags\n- images: Error if the specified imagename does not exist\n- inspect: Increase err judgments to avoid panic\n- add test to inspect\n- buildah bud picks up ENV from base image\n- Extend the amount of time travis_wait should wait\n- Add a make target for Installing CNI plugins\n- Add tests for namespace control flags\n- copy.bats: check ownerships in the container\n- Fix SELinux test errors when SELinux is enabled\n- Add example CNI configurations\n- Run: set supplemental group IDs\n- Run: use a temporary mount namespace\n- Use CNI to configure container networks\n- add/secrets/commit: Use mappings when setting permissions on added content\n- Add CLI options for specifying namespace and cgroup setup\n- Always set mappings when using user namespaces\n- Run(): break out creation of stdio pipe descriptors\n- Read UID/GID mapping information from containers and images\n- Additional bud CI tests\n- Run integration tests under travis_wait in Travis\n- build-using-dockerfile: add --annotation\n- Implement --squash for build-using-dockerfile and commit\n- Vendor in latest container/storage for devicemapper support\n- add test to inspect\n- Vendor github.com/onsi/ginkgo and github.com/onsi/gomega\n- Test with Go 1.10, too\n- Add console syntax highlighting to troubleshooting page\n- bud.bats: print '' before checking its contents\n- Manage 'Run' containers more closely\n- Break Builder.Run()'s 'run runc' bits out\n- util.ResolveName(): handle completion for tagged/digested image names\n- Handle /etc/hosts and /etc/resolv.conf properly in container\n- Documentation fixes\n- Make it easier to parse our temporary directory as an image name\n- Makefile: list new pkg/ subdirectoris as dependencies for buildah\n- containerImageSource: return more-correct errors\n- API cleanup: PullPolicy and TerminalPolicy should be types\n- Make 'run --terminal' and 'run -t' aliases for 'run --tty'\n- Vendor github.com/containernetworking/cni v0.6.0\n- Update github.com/containers/storage\n- Update github.com/projectatomic/libpod\n- Add support for buildah bud --label\n- buildah push/from can push and pull images with no reference\n- Vendor in latest containers/image\n- Update gometalinter to fix install.tools error\n- Update troubleshooting with new run workaround\n- Added a bud demo and tidied up\n- Attempt to download file from url, if fails assume Dockerfile\n- Add buildah bud CI tests for ENV variables\n- Re-enable rpm .spec version check and new commit test\n- Update buildah scratch demo to support el7\n- Added Docker compatibility demo\n- Update to F28 and new run format in baseline test\n- Touchup man page short options across man pages\n- Added demo dir and a demo. chged distrorlease\n- builder-inspect: fix format option\n- Add cpu-shares short flag (-c) and cpu-shares CI tests\n- Minor fixes to formatting in rpm spec changelog\n- Fix rpm .spec changelog formatting\n- CI tests and minor fix for cache related noop flags\n- buildah-from: add effective value to mount propagation\n[1.0-1]\n- Remove buildah run cmd and entrypoint execution\n- Add Files section with registries.conf to pertinent man pages\n- Force 'localhost' as a default registry\n- Add --compress, --rm, --squash flags as a noop for bud\n- Add FIPS mode secret to buildah run and bud\n- Add config --comment/--domainname/--history-comment/--hostname\n- Add support for --iidfile to bud and commit\n- Add /bin/sh -c to entrypoint in config\n- buildah images and podman images are listing different sizes\n- Remove tarball as an option from buildah push --help\n- Update entrypoint behaviour to match docker\n- Display imageId after commit\n- config: add support for StopSignal\n- Allow referencing stages as index and names\n- Add multi-stage builds support\n- Vendor in latest imagebuilder, to get mixed case AS support\n- Allow umount to have multi-containers\n- Update buildah push doc\n- buildah bud walks symlinks\n- Imagename is required for commit atm, update manpage\n[0.16-3.git532e267]\n- Resolves: #1573681\n- built commit 532e267\n[0.16.0-2.git6f7d05b]\n- built commit 6f7d05b\n[0.16-1]\n- Add support for shell\n- Vendor in latest containers/image\n- \t docker-archive generates docker legacy compatible images\n-\t Do not create subdirectories for layers with no configs\n- \t Ensure the layer IDs in legacy docker/tarfile metadata are unique\n-\t docker-archive: repeated layers are symlinked in the tar file\n-\t sysregistries: remove all trailing slashes\n-\t Improve docker/* error messages\n-\t Fix failure to make auth directory\n-\t Create a new slice in Schema1.UpdateLayerInfos\n-\t Drop unused storageImageDestination.{image,systemContext}\n-\t Load a *storage.Image only once in storageImageSource\n-\t Support gzip for docker-archive files\n-\t Remove .tar extension from blob and config file names\n-\t ostree, src: support copy of compressed layers\n-\t ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size\n-\t image: fix docker schema v1 -> OCI conversion\n-\t Add /etc/containers/certs.d as default certs directory\n- Change image time to locale, add troubleshooting.md, add logo to other mds\n- Allow --cmd parameter to have commands as values\n- Document the mounts.conf file\n- Fix man pages to format correctly\n- buildah from now supports pulling images using the following transports:\n- docker-archive, oci-archive, and dir.\n- If the user overrides the storage driver, the options should be dropped\n- Show Config/Manifest as JSON string in inspect when format is not set\n- Adds feature to pull compressed docker-archive files\n[0.15-1]\n- Fix handling of buildah run command options\n[0.14-1]\n- If commonOpts do not exist, we should return rather then segfault\n- Display full error string instead of just status\n- Implement --volume and --shm-size for bud and from\n- Fix secrets patch for buildah bud\n- Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension\n[0.13-1.git99066e0]\n- use correct version\n[0.12-4.git99066e0]\n- enable debuginfo\n[0.12-3.git99066e0]\n- BR: libseccomp-devel\n[0.12-2.git99066e0]\n- Resolves: #1548535\n- built commit 99066e0\n[0.12-1]\n- Added handing for simpler error message for Unknown Dockerfile instructions.\n- Change default certs directory to /etc/containers/certs.dir\n- Vendor in latest containers/image\n- Vendor in latest containers/storage\n- build-using-dockerfile: set the 'author' field for MAINTAINER\n- Return exit code 1 when buildah-rmi fails\n- Trim the image reference to just its name before calling getImageName\n- Touch up rmi -f usage statement\n- Add --format and --filter to buildah containers\n- Add --prune,-p option to rmi command\n- Add authfile param to commit\n- Fix --runtime-flag for buildah run and bud\n- format should override quiet for images\n- Allow all auth params to work with bud\n- Do not overwrite directory permissions on --chown\n- Unescape HTML characters output into the terminal\n- Fix: setting the container name to the image\n- Prompt for un/pwd if not supplied with --creds\n- Make bud be really quiet\n- Return a better error message when failed to resolve an image\n- Update auth tests and fix bud man page\n[0.11-3.git49095a8]\n- Resolves: #1542236 - add ostree and bump runc dep\n[0.11-2.git49095a8]\n- rebased to 49095a83f8622cf69532352d183337635562e261\n[0.11-1]\n- Add --all to remove containers\n- Add --all functionality to rmi\n- Show ctrid when doing rm -all\n- Ignore sequential duplicate layers when reading v2s1\n- Lots of minor bug fixes\n- Vendor in latest containers/image and containers/storage\n[0.10-2]\n- Fix checkin\n[0.10-1]\n- Display Config and Manifest as strings\n- Bump containers/image\n- Use configured registries to resolve image names\n- Update to work with newer image library\n- Add --chown option to add/copy commands\n[0.9-2.git04ea079]\n- build for all arches\n[0.9-1]\n- Allow push to use the image id\n- Make sure builtin volumes have the correct label\n[0.8-1]\n- Buildah bud was failing on SELinux machines, this fixes this\n- Block access to certain kernel file systems inside of the container\n[0.7-1]\n- Ignore errors when trying to read containers buildah.json for loading SELinux reservations\n- Use credentials from kpod login for buildah\n- Adds support for converting manifest types when using the dir transport\n- Rework how we do UID resolution in images\n- Bump github.com/vbatts/tar-split\n- Set option.terminal appropriately in run\n[0.5-5.gitf7dc659]\n- revert building for s390x, it is intended for rhel 7.5\n[0.5-4]\n- Add requires for container-selinux\n[0.5-3.gitf7dc659]\n- build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234\n[0.5-2]\n- Bump github.com/vbatts/tar-split\n- Fixes CVE That could allow a container image to cause a DOS\n[0.5-1]\n- Add secrets patch to buildah\n- Add proper SELinux labeling to buildah run\n- Add tls-verify to bud command\n- Make filtering by date use the image's date\n- images: don't list unnamed images twice\n- Fix timeout issue\n- Add further tty verbiage to buildah run\n- Make inspect try an image on failure if type not specified\n- Add support for \n- Tons of bug fixes and code cleanup\n[0.4-2.git01db066]\n- bump to latest version\n- set GIT_COMMIT at build-time\n[0.4-1.git9cbccf88c]\n- Add default transport to push if not provided\n- Avoid trying to print a nil ImageReference\n- Add authentication to commit and push\n- Add information on buildah from man page on transports\n- Remove --transport flag\n- Run: do not complain about missing volume locations\n- Add credentials to buildah from\n- Remove export command\n- Run(): create the right working directory\n- Improve 'from' behavior with unnamed references\n- Avoid parsing image metadata for dates and layers\n- Read the image's creation date from public API\n- Bump containers/storage and containers/image\n- Don't panic if an image's ID can't be parsed\n- Turn on --enable-gc when running gometalinter\n- rmi: handle truncated image IDs\n[0.4-1.git9cbccf8]\n- bump to v0.4\n[0.3-4.gitb9b2a8a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.3-3.gitb9b2a8a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.3-2.gitb9b2a8a7e]\n- Bump for inclusion of OCI 1.0 Runtime and Image Spec\n[0.2.0-1.gitac2aad6]\n- buildah run: Add support for -- ending options parsing\n- buildah Add/Copy support for glob syntax\n- buildah commit: Add flag to remove containers on commit\n- buildah push: Improve man page and help information\n- buildah run: add a way to disable PTY allocation\n- Buildah docs: clarify --runtime-flag of run command\n- Update to match newer storage and image-spec APIs\n- Update containers/storage and containers/image versions\n- buildah export: add support\n- buildah images: update commands\n- buildah images: Add JSON output option\n- buildah rmi: update commands\n- buildah containers: Add JSON output option\n- buildah version: add command\n- buildah run: Handle run without an explicit command correctly\n- Ensure volume points get created, and with perms\n- buildah containers: Add a -a/--all option\n[0.1.0-2.git597d2ab9]\n- Release Candidate 1\n- All features have now been implemented.\n[0.0.1-1.git7a0a5333]\n- First package for Fedora\ncontainernetworking-plugins\n[0.7.4-4.git9ebe139]\n- bump release to preserve upgrade path\n- Related: #1821193\n[0.7.4-3.git9ebe139]\n- re-enable debuginfo\n[0.7.4-2.git9ebe139]\n- rebase, removed patch that is already upstream\n[0.7.3-7.git19f2f28]\n- go tools not in scl anymore\n[0.7.3-6.git19f2f28]\n- correct tag specification format in %gobuild macro\n[0.7.3-5.git19f2f28]\n- Resolves: #1616062 - patch to revert coreos/go-iptables bump\n[0.7.3-4.git19f2f28]\n- Resolves:#1603012\n- fix versioning, upstream got it wrong at 7.2\n[0.7.2-3.git19f2f28]\n- disable i686 temporarily for appstream builds\n- update golang deps and gobuild definition\n[0.7.2-2.git19f2f28]\n- rebase\n[0.7.0-103.gitdd8ff8a]\n- enable scl with the toolset\n[0.7.0-102.gitdd8ff8a]\n- remove devel and unittest subpackages\n- use new go-toolset deps\n[0.7.0-101]\n- rebase\n- patches already upstream, removed\n[0.6.0-6]\n- Imported from Fedora\n- Renamed CNI -> plugins\n[0.6.0-4]\n- Own the libexec cni directory\n[0.6.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[0.6.0-2]\n- skip settling IPv4 addresses\n[0.6.0-1]\n- rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9\n[0.5.2-7]\n- do not install to /opt (against Fedora Guidelines)\n[0.5.2-6]\n- Enable devel subpackage\n[0.5.2-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.5.2-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.5.2-3]\n- excludearch: ppc64 as it's not in goarches anymore\n- re-enable s390x\n[0.5.2-2]\n- upstream moved to github.com/containernetworking/plugins\n- built commit dcf7368\n- provides: containernetworking-plugins\n- use vendored deps because they're a lot less of a PITA\n- excludearch: s390x for now (rhbz#1466865)\n[0.5.2-1]\n- Update to 0.5.2\n- Softlink to default /opt/cni/bin directories\n[0.5.1-1]\n- Initial package\ncontainer-selinux\n[2:2.124.0-1.gitf958d0c]\n- update to 2.124.0\n- Resolves: #1816541\n[2:2.94-2.git1e99f1d]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766316, #1766215\n[2:2.94-1.git1e99f1d]\n- Resolves: #1690286 - bump to v2.94\n- Resolves: #1693806, #1689255\n[2:2.89-1.git2521d0d]\n- bump to v2.89\n[2:2.75-1.git99e2cfd]\n- bump to v2.75\n- built commit 99e2cfd\n[2:2.74-1]\n- Resolves: #1641655 - bump to v2.74\n- built commit a62c2db\n[2:2.73-3]\n- tweak macro for fedora - applies to rhel8 as well\n[2:2.73-2]\n- moved changelog entries:\n- Define spc_t as a container_domain, so that container_runtime will transition\nto spc_t even when setup with nosuid.\n- Allow container_runtimes to setattr on callers fifo_files\n- Fix restorecon to not error on missing directory\n[2.69-3]\n- Make sure we pull in the latest selinux-policy\n[2.69-2]\n- Add map support to container-selinux for RHEL 7.5\n- Dontudit attempts to write to kernel_sysctl_t\n[2.68-1]\n- Add label for /var/lib/origin\n- Add customizable_file_t to customizable_types\n[2.67-1]\n- Add policy for container_logreader_t\n[2.66-1]\n- Allow dnsmasq to dbus chat with spc_t\n[2.64-1]\n- Allow containers to create all socket classes\n[2.62-1]\n- Label overlay directories under /var/lib/containers/ correctly\n[2.61-1]\n- Allow spc_t to load kernel modules from inside of container\n[2.60-1]\n- Allow containers to list cgroup directories\n- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.\n[2.58-2]\n- Run restorecon /usr/bin/podman in postinstall\n[2.58-1]\n- Add labels to allow podman to be run from a systemd unit file\n[2.57-1]\n- Set the version of SELinux policy required to the latest to fix build issues.\n[2.56-1]\n- Allow container_runtime_t to transition to spc_t over unlabeled files\n[2.55-1]\nAllow iptables to read container state\n Dontaudit attempts from containers to write to /proc/self\n Allow spc_t to change attributes on container_runtime_t fifo files\n[2.52-1]\n- Add better support for writing custom selinux policy for customer container domains.\n[2.51-1]\n- Allow shell_exec_t as a container_runtime_t entrypoint\n[2.50-1]\n- Allow bin_t as a container_runtime_t entrypoint\n[2.49-1]\n- Add support for MLS running container runtimes\n- Add missing allow rules for running systemd in a container\n[2.48-1]\n- Update policy to match master branch\n- Remove typebounds and replace with nnp_transition and nosuid_transition calls\n[2.41-1]\n- Add support to nnp_transition for container domains\n- Eliminates need for typebounds.\n[2.40-1]\n- Allow container_runtime_t to use user ttys\n- Fixes bounds check for container_t\n[2.39-1]\n- Allow container runtimes to use interited terminals. This helps\nsatisfy the bounds check of container_t versus container_runtime_t.\n[2.38-1]\n- Allow container runtimes to mmap container_file_t devices\n- Add labeling for rhel push plugin\n[2.37-1]\n- Allow containers to use inherited ttys\n- Allow ostree to handle labels under /var/lib/containers/ostree\n[2.36-1]\n- Allow containers to relabelto/from all file types to container_file_t\n[2.35-1]\n- Allow container to map chr_files labeled container_file_t\n[2.34-1]\n- Dontaudit container processes getattr on kernel file systems\n[2.33-1]\n- Allow containers to read /etc/resolv.conf and /etc/hosts if volume\n- mounted into container.\n[2.32-1]\n- Make sure users creating content in /var/lib with right labels\n[2.31-1]\n- Allow the container runtime to dbus chat with dnsmasq\n- add dontaudit rules for container trying to write to /proc\n[2.29-1]\n- Add support for lxcd\n- Add support for labeling of tmpfs storage created within a container.\n[2.28-1]\n- Allow a container to umount a container_file_t filesystem\n[2.27-1]\n- Allow container runtimes to work with the netfilter sockets\n- Allow container_file_t to be an entrypoint for VM's\n- Allow spc_t domains to transition to svirt_t\n[2.24-1]\n- Make sure container_runtime_t has all access of container_t\n[2.23-1]\n- Allow container runtimes to create sockets in tmp dirs\n[2.22-1]\n- Add additonal support for crio labeling.\n[2.21-3]\n- Fixup spec file conditionals\n[2:2.21-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[2.21-1]\n- Allow containers to execmod on container_share_t files.\n[2.20-2]\n- Relabel runc and crio executables\n[2.20-1]\n- Allow container processes to getsession\n[2:2.19-2.1]\n- update release tag to isolate from 7.3\n[2:2.19-1]\n- Fix mcs transition problem on stdin/stdout/stderr\n- Add labels for CRI-O\n- Allow containers to use tunnel sockets\n[2:2.15-1.1]\n- Resolves: #1451289\n- rebase to v2.15\n- built @origin/RHEL-1.12 commit 583ca40\n[2:2.10-2.1]\n- Make sure we have a late enough version of policycoreutils\n[2:2.10-1]\n- Update to the latest container-selinux patch from upstream\n- Label files under /usr/libexec/lxc as container_runtime_exec_t\n- Give container_t access to XFRM sockets\n- Allow spc_t to dbus chat with init system\n- Allow containers to read cgroup configuration mounted into a container\n[2:2.9-4]\n- Resolves: #1425574\n- built commit 79a6d70\n[2:2.9-3]\n- Resolves: #1420591\n- built @origin/RHEL-1.12 commit 8f876c4\n[2:2.9-2]\n- built @origin/RHEL-1.12 commit 33cb78b\n[2:2.8-2]\n-\n[2:2.7-1]\n- built origin/RHEL-1.12 commit 21dd37b\n[2:2.4-2]\n- correct version-release in changelog entries\n[2:2.4-1]\n- Add typebounds statement for container_t from container_runtime_t\n- We should only label runc not runc*\n[2:2.3-1]\n- Fix labeling on /usr/bin/runc.*\n- Add sandbox_net_domain access to container.te\n- Remove containers ability to look at /etc content\n[2:2.2-4]\n- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7\n[2:2.2-3]\n- properly disable docker module in %post\n[2:2.2-2]\n- depend on selinux-policy-targeted\n- relabel docker-latest* files as well\n[2:2.2-1]\n- bump to v2.2\n- additional labeling for ocid\n[2:2.0-2]\n- install policy at level 200\n- From: Dan Walsh \n[2:2.0-1]\n- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a\nstandalone package)\n- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel\n[2:1.12.4-29]\n- new package (separated from docker)\ncriu\nfuse-overlayfs\n[0.3-5]\n- revert fuse-overlayfs to commit 6d269aa\n- Resolves: #1720707\n[0.3-4.dev.gitd760789]\n- rebase\n[0.3-2]\n- rebase\n- Resolves:#1666510\n[0.1-7.dev.git50c7a50]\n- Resolves: #1640232\n- built commit 50c7a50\n[0.1-6.dev.git1c72a1a]\n- Resolves: #1614856 - add manpage\n- built commit 1c72a1a\n- add BR: go-md2man\n[0.1-5.dev.gitd40ac75]\n- built commit d40ac75\n- remove fedora bz ids\n- Exclude ix86 and ppc64\n[0.1-4.dev.git79c70fd]\n- Resolves: #1609598 - initial upload to Fedora\n- bundled gnulib\n[0.1-3.dev.git79c70fd]\n- correct license field\n[0.1-2.dev.git79c70fd]\n- fix license\n[0.1-1.dev.git13575b6]\n- First package for Fedora\noci-systemd-hook\noci-umount\npodman\n[1.0.0-8.git921f98f]\n- fix 'podman can not create user inside of container' regression introduced by\n patch for CVE-2021-20188\n- Related: #1918285\n[1.0.0-7.git921f98f]\n- fix CVE-2021-20188\n- Resolves: #1918285\n[1.0.0-6.git921f98f]\n- fix 'podman run errors out/segfaults in container-tools-1.0-8.3.0'\n- Resolves: #1882267\n[1.0.0-5.git921f98f]\n- bump release to preserve upgrade path\n- Resolves: #1821193\n[1.0.0-4.git921f98f]\n- fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process'\n- Resolves: #1818122\n[1.0.0-3.git921f98f]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766294, #1766322\n[1.0.0-2.git921f98f]\n- rebase\n[1.0.0-1.git82e8011]\n- rebase to v1, yay!\n- rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2\n- Resolves:#1623282\n- python interface removed, moved to https://github.com/containers/python-podman/\n[0.12.1.2-4.git9551f6b]\n- re-enable debuginfo\n[0.12.1.2-3.git9551f6b]\n- python libraries added\n- resolves: #1657180\n[0.12.1.2-2.git9551f6b]\n- rebase\n[0.11.1.1-3.git594495d]\n- go tools not in scl anymore\n[0.11.1.1-2.git594495d]\n- fedora-like buildrequires go toolset\n[0.11.1.1-1.git594495d]\n- Resolves: #1636230 - build with FIPS enabled golang toolchain\n- bump to v0.11.1.1\n- built commit 594495d\n[0.11.1-3.gita4adfe5]\n- podman-docker provides docker\n- Resolves: #1650355\n[0.11.1-2.gita4adfe5]\n- Require platform-python-setuptools instead of python3-setuptools\n- Resolves: rhbz#1650144\n[0.11.1-1.gita4adfe5]\n- bump to v0.11.1\n- built libpod commit a4adfe5\n- built conmon from cri-o commit 464dba6\n[0.10.1.3-5.gitdb08685]\n- Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it\n- not having device-mapper-devel seems to have brew not recognize %{_unitdir}\n[0.10.1.3-4.gitdb08685]\n- Resolves: #1625384 - correctly add buildtags to remove devmapper\n[0.10.1.3-3.gitdb08685]\n- Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2\n[0.10.1.3-2.gitdb08685]\n- Resolves: #1625384 - depend on lvm2\n[0.10.1.3-1.gitdb08685]\n- Resolves: #1640298 - update vendored buildah to allow building when there are\nrunning containers\n- bump to v0.10.1.3\n- built podman commit db08685\n[0.10.1.2-1.git2b4f8d1]\n- Resolves: #1625378\n- bump to v0.10.1.2\n- built podman commit 2b4f8d1\n[0.10.1.1-1.git4bea3e9]\n- bump to v0.10.1.1\n- built podman commit 4bea3e9\n[0.10.1-1.gite4a1553]\n- bump podman to v0.10.1\n- built podman commit e4a1553\n- built conmon from cri-o commit a30f93c\n[0.9.3.1-4.git1cd906d]\n- rebased cri-o to 1.11.6\n[0.9.3.1-3.git1cd906d]\n- rebase\n[0.9.2-2.git37a2afe]\n- rebase to podman 0.9.2\n- rebase to cri-o 0.11.4\n[0.9.1.1-2.git123de30]\n- rebase\n[0.8.4-1.git9f9b8cf]\n- bump to v0.8.4\n- built commit 9f9b8cf\n- upstream username changed from projectatomic to containers\n- use containernetworking-plugins >= 0.7.3-5\n[0.8.2.1-2.git7a526bb]\n- Resolves: #1615607 - rebuild with gobuild tag 'no_openssl'\n[0.8.2.1-1.git7a526bb]\n- Upstream 0.8.2.1 release\n- Add support for podman-docker\nResolves: rhbz#1615104\n[0.8.2-1.dev.git8b2d38e]\n- Resolves: #1614710 - podman search name includes registry\n- bump to v0.8.2-dev\n- built libpod commit 8b2d38e\n- built conmon from cri-o commit acc0ee7\n[0.8.1-2.git6b4ab2a]\n- Add recommends for slirp4netns and container-selinux\n[0.8.1-2.git6b4ab2a]\n- bump to v0.8.1\n- use %go{build,generate} instead of go build and go generate\n- update go deps to use scl-ized builds\n- No need for Makefile patch for python installs\n[0.8.1-1.git6b4ab2a]\n- Bump to v0.8.1\n[0.7.4-2.git079121]\n- podman should not require atomic-registries\n[0.7.4-1.dev.git9a18681]\n- bump to v0.7.4-dev\n- built commit 9a18681\n[0.7.3-2.git079121]\n- Turn on ostree support\n- Upstream 0.7.3\n[0.7.2-2.git4ca4c5f]\n- Upstream 0.7.2 release\n[0.7.1-3.git84cfdb2]\n- rebuilt\n[0.7.1-2.git84cfdb2]\n- rebase to 84cfdb2\n[0.7.1-1.git802d4f2]\n- Upstream 0.7.1 release\n[0.6.4-2.gitd5beb2f]\n- disable devel and unittest subpackages\n- include conditionals for rhel-8.0\n[0.6.4-1.gitd5beb2f]\n- do not compress debuginfo with dwz to support delve debugger\n[0.6.1-3.git3e0ff12]\n- do not compress debuginfo with dwz to support delve debugger\n[0.6.1-2.git3e0ff12]\n- bash completion shouldn't have shebang\n[0.6.1-1.git3e0ff12]\n- Resolves: #1584429 - drop capabilities when running a container as non-root\n- bump to v0.6.1\n- built podman commit 3e0ff12\n- built conmon from cri-o commit 1c0c3b0\n- drop containernetworking-plugins subpackage, it's now split out into a standalone\npackage\n[0.4.1-4.gitb51d327]\n- Resolves: #1572538 - build host-device and portmap plugins\n[0.4.1-3.gitb51d327]\n- correct dep on containernetworking-plugins\n[0.4.1-2.gitb51d327]\n- add containernetworking-plugins v0.7.0 as a subpackage (podman dep)\n- release tag for the containernetworking-plugins is actually gotten from\npodman release tag.\n[0.4.1-1.gitb51d327]\n- bump to v0.4.1\n- built commit b51d327\n[0.3.3-1.dev.gitbc358eb]\n- built podman commit bc358eb\n- built conmon from cri-o commit 712f3b8\n[0.3.2-1.gitf79a39a]\n- Release 0.3.2-1\n[0.3.1-2.git98b95ff]\n- Correct RPM version\n[0.3.1-1-gitc187538]\n- Release 0.3.1-1\n[0.2.2-2.git525e3b1]\n- Build on ARMv7 too (Fedora supports containers on that arch too)\n[0.2.2-1.git525e3b1]\n- Release 0.2.2\n[0.2.1-1.git3d0100b]\n- Release 0.2.1\n[0.2-3.git3d0100b]\n- Add dep for atomic-registries\n[0.2-2.git3d0100b]\n- Add more 64bit arches\n- Add containernetworking-cni dependancy\n- Add iptables dependancy\n[0-2.1.git3d0100]\n- Release 0.2\n[0-0.3.git367213a]\n- Resolves: #1541554 - first official build\n- built commit 367213a\n[0-0.2.git0387f69]\n- built commit 0387f69\n[0-0.1.gitc1b2278]\n- First package for Fedora\nrunc\n[1.0.0-56.rc5.dev.git2abd837]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1766328, #1766300\n[1.0.0-55.rc5.dev.git2abd837]\n- Resolves: #1665770 - rootfs: umount all procfs and sysfs with --no-pivot\n- Resolves: CVE-2019-5736\n[1.0.0-54.rc5.dev.git2abd837]\n- re-enable debuginfo\n[1.0.0-53.rc5.dev.git2abd837]\n- go toolset not in scl anymore\n[1.0.0-52.rc5.dev.git2abd837]\n- rebase\n[2:1.0.0-51.dev.gitfdd8055]\n- Fix handling of tmpcopyup\n[2:1.0.0-49.rc5.dev.gitb4e2ecb]\n- %gobuild uses no_openssl\n- remove unused devel and unit-test subpackages\n[2:1.0.0-48.rc5.dev.gitad0f525]\n- build with %gobuild\n- exlude i686 temporarily because of go-toolset issues\n[1.0.0-47.dev.gitb4e2ecb]\n- Rebuild with fixed binutils\n[2:1.0.0-46.dev.gitb4e2ecb]\n- Add patch https://github.com/opencontainers/runc/pull/1807 to allow\n- runc and podman to work with sd_notify\n[2:1.0.0-40.rc5.dev.gitad0f525]\n- Remove sysclt handling, not needed in RHEL8\n- Make sure package built with seccomp flags\n- Remove rectty\n- Add completions\n[2:1.0.0-36.rc5.dev.gitad0f525]\n- Better handling of user namespace\n[2:1.0.0-31.rc5.git0cbfd83]\n- Fix issues between SELinux and UserNamespace\n[1.0.0-27.rc5.dev.git4bb1fe4]\n- rebuilt, placed missing changelog entry back\n[2:1.0.0-26.rc5.git4bb1fe4]\n- release v1.0.0~rc5\n[1.0.0-26.rc4.git9f9c962]\n- Bump to the latest from upstream\n[1.0.0-25.rc4.gite6516b3]\n- built commit e6516b3\n[1.0.0-24.rc4.dev.gitc6e4a1e.1]\n- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f\n- https://github.com/opencontainers/runc/pull/1651\n[1.0.0-23.rc4.git1d3ab6d]\n- Resolves: #1524654\n[1.0.0-22.rc4.git1d3ab6d]\n- Many Stability fixes\n- Many fixes for rootless containers\n- Many fixes for static builds\n[1.0.0-21.rc4.dev.gitaea4f21]\n- enable debuginfo and include -buildmode=pie for go build\n[1.0.0-20.rc4.dev.gitaea4f21]\n- use Makefile\n[1.0.0-19.rc4.dev.gitaea4f21]\n- disable debuginfo temporarily\n[1.0.0-18.rc4.dev.gitaea4f21]\n- enable debuginfo\n[1.0.0-17.rc4.gitaea4f21]\n- Add container-selinux prerequires to make sure runc is labeled correctly\n[1.0.0-16.rc4.dev.gitaea4f21]\n- correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD\n[1.0.0-15.rc4dev.gitaea4f21]\n- Use the same checkout as Fedora for lates CRI-O\n[1.0.0-14.rc4dev.git84a082b]\n- rebase to 84a082bfef6f932de921437815355186db37aeb1\n[1.0.0-13.rc3.gitd40db12]\n- Resolves: #1479489\n- built commit d40db12\n[1.0.0-12.1.gitf8ce01d]\n- disable s390x temporarily because of indefinite wait times on brew\n[1.0.0-11.1.gitf8ce01d]\n- correct previous bogus date :\n[1.0.0-10.1.gitf8ce01d]\n- Resolves: #1441737 - run sysctl_apply for sysctl knob\n[1.0.0-9.1.gitf8ce01d]\n- Resolves: #1447078 - change default root path\n- add commit e800860 from runc @projectatomic/change-root-path\n[1.0.0-8.1.gitf8ce01d]\n- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts\n[1.0.0-7.1.gitf8ce01d]\n- Resolves: #1429675\n- built @opencontainers/master commit f8ce01d\n[1.0.0-4.1.gitee992e5]\n- built @projectatomic/master commit ee992e5\n[1.0.0-3.rc2]\n- Resolves: #1426674\n- built projectatomic/runc_rhel_7 commit 5d93f81\n[1.0.0-2.rc2]\n- Resolves: #1419702 - rebase to latest upstream master\n- built commit b263a43\n[1.0.0-1.rc2]\n- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,\nrunc patch from Michael Crosby \n[0.1.1-6]\n- Resolves: #1373980 - rebuild for 7.3.0\n[0.1.1-5]\n- build with golang >= 1.6.2\n[0.1.1-4]\n- release tags were inconsistent in the previous build\n[0.1.1-1]\n- Resolves: #1341267 - rebase runc to v0.1.1\n[0.1.0-3]\n- add selinux build tag\n- add BR: libseccomp-devel\n[0.1.0-2]\n- Resolves: #1328970 - add seccomp buildtag\n[0.1.0-1]\n- Resolves: rhbz#1328616 - rebase to v0.1.0\n[0.0.8-1.git4155b68]\n- Resolves: rhbz#1277245 - bump to 0.0.8\n- Resolves: rhbz#1302363 - criu is a runtime dep\n- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps\n- manpages included\n[1:0.0.5-0.1.git97bc9a7]\n- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2\n[0.2-0.2.git90e6d37]\n- First package for Fedora\n resolves: #1255179\nskopeo\n[1:0.1.32-6.git1715c90.0.1]\n- Update registry conf file [Orabug: 31306708]\n- Add oracle registry into the conf file [Orabug: 29845934]\n- Fix oracle registry login issues [Orabug: 29937192]\n[1:0.1.32-6.git1715c90]\n- bump release to preserve upgrade path\n- Related: #1821193\n[1:0.1.32-4.git1715c90]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Resolves: #1772130, #1772135\n[1:0.1.32-3.git1715c90]\n- rebase\n[1:0.1.32-2.git1715c90]\n- re-enable debuginfo\n[1:0.1.31-12.gitb0b750d]\n- go tools not in scl anymore\n[1:0.1.31-11.gitb0b750d]\n- Resolves: #1615609\n- built upstream tag v0.1.31\n[1:0.1.31-10.git0144aa8]\n- Resolves: #1616069 - correct order of registries\n[1:0.1.31-9.git0144aa8]\n- Resolves: #1615609 - rebuild with gobuild tag 'no_openssl'\n[1:0.1.31-8.git0144aa8]\n- Resolves: #1614934 - containers-common soft dep on slirp4netns and\nfuse-overlayfs\n[1:0.1.31-7.git0144aa8]\n- build with %gobuild\n- use scl-ized go-toolset as dep\n- disable i686 builds temporarily because of go-toolset issues\n[1:0.1.31-6.git0144aa8]\n- add statx to seccomp.json to containers-config\n- add seccomp.json to containers-config\n[1:0.1.31-4.git0144aa8]\n- Resolves: #1597629 - handle dependency issue for skopeo-containers\n- rename skopeo-containers to containers-common as in Fedora\n[1:0.1.31-3.git0144aa8]\n- Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs\nbuildtag\n[1:0.1.31-2.git0144aa8]\n- correct bz in previous changelog\n[1:0.1.31-1.git0144aa8]\n- Resolves: #1580938 - resolve FTBFS\n- Resolves: #1583762 - remove dependency on btrfs-progs-devel\n- bump to v0.1.31 (from master)\n- built commit ca3bff6\n- use go-toolset deps for rhel8\n[0.1.29-5.git7add6fc]\n- Fix small typo in registries.conf\n[0.1.29-4.git]\n- Add policy.json.5\n[0.1.29-3.git]\n- Add registries.conf\n[0.1.29-2.git]\n- Add registries.conf man page\n[0.1.29-1.git]\n- bump to 0.1.29-1\n- Updated containers/image\n docker-archive generates docker legacy compatible images\n Do not create subdirectories for layers with no configs\n Ensure the layer IDs in legacy docker/tarfile metadata are unique\n docker-archive: repeated layers are symlinked in the tar file\n sysregistries: remove all trailing slashes\n Improve docker/* error messages\n Fix failure to make auth directory\n Create a new slice in Schema1.UpdateLayerInfos\n Drop unused storageImageDestination.{image,systemContext}\n Load a *storage.Image only once in storageImageSource\n Support gzip for docker-archive files\n Remove .tar extension from blob and config file names\n ostree, src: support copy of compressed layers\n ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size\n image: fix docker schema v1 -> OCI conversion\n Add /etc/containers/certs.d as default certs directory\n[0.1.28-2.git0270e56]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[0.1.28-1.git]\n- Vendor in fixed libraries in containers/image and containers/storage\n[0.1.27-1.git]\n- Fix Conflicts to Obsoletes\n- Add better docs to man pages.\n- Use credentials from authfile for skopeo commands\n- Support storage='' in /etc/containers/storage.conf\n- Add global --override-arch and --override-os options\n[0.1.25-2.git2e8377a7]\n- Add manifest type conversion to skopeo copy\n- User can select from 3 manifest types: oci, v2s1, or v2s2\n- e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory\n[0.1.25-2.git7fd6f66b]\n- Force storage.conf to default to overlay\n[0.1.25-1.git7fd6f66b]\n- Fix CVE in tar-split\n- copy: add shared blob directory support for OCI sources/destinations\n- Aligning Docker version between containers/image and skopeo\n- Update image-tools, and remove the duplicate Sirupsen/logrus vendor\n- makefile: use -buildmode=pie\n[0.1.24-8.git28d4e08a]\n- Add /usr/share/containers/mounts.conf\n[0.1.24-7.git28d4e08a]\n- Bug fixes\n- Update to release\n[0.1.24-6.dev.git28d4e08]\n- skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31\n[0.1.24-5.dev.git28d4e08]\n- Add rhel subscription secrets data to skopeo-containers\n[0.1.24-4.dev.git28d4e08]\n- Update container/storage.conf and containers-storage.conf man page\n- Default override to true so it is consistent with RHEL.\n[0.1.24-3.dev.git28d4e08]\n- built commit 28d4e08\n[0.1.24-2.dev.git875dd2e]\n- built commit 875dd2e\n- Resolves: gh#416\n[0.1.24-1.dev.gita41cd0]\n- bump to 0.1.24-dev\n- correct a prior bogus date\n- fix macro in comment warning\n[0.1.23-6.dev.git1bbd87]\n- Change name of storage.conf.5 man page to containers-storage.conf.5, since\nit conflicts with inn package\n- Also remove default to 'overalay' in the configuration, since we should\n- allow containers storage to pick the best default for the platform.\n[0.1.23-5.git1bbd87f]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.1.23-4.git1bbd87f]\n- Rebuild with binutils fix for ppc64le (#1475636)\n[0.1.23-3.git1bbd87f]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.1.23-2.dev.git1bbd87]\n- Fix storage.conf man page to be storage.conf.5.gz so that it works.\n[0.1.23-1.dev.git1bbd87]\n- Support for OCI V1.0 Images\n- Update to image-spec v1.0.0 and revendor\n- Fixes for authentication\n[0.1.22-2.dev.git5d24b67]\n- Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1\n[0.1.22-1.dev.git5d24b67]\n- Give more useful help when explaining usage\n- Also specify container-storage as a valid transport\n- Remove docker reference wherever possible\n- vendor in ostree fixes\n[0.1.21-1.dev.git0b73154]\n- Add support for storage.conf and storage-config.5.md from github container storage package\n- Bump to the latest version of skopeo\n- vendor.conf: add ostree-go\n- it is used by containers/image for pulling images to the OSTree storage.\n- fail early when image os does not match host os\n- Improve documentation on what to do with containers/image failures in test-skopeo\n- We now have the docker-archive: transport\n- Integration tests with built registries also exist\n- Support /etc/docker/certs.d\n- update image-spec to v1.0.0-rc6\n[0.1.20-1.dev.git0224d8c]\n- BZ #1380078 - New release\n[0.1.19-2.dev.git0224d8c]\n- No golang support for ppc64. Adding exclude arch. BZ #1445490\n[0.1.19-1.dev.git0224d8c]\n- bump to v0.1.19-dev\n- built commit 0224d8c\n[0.1.17-3.dev.git2b3af4a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[0.1.17-2.dev.git2b3af4a]\n- Rebuild for gpgme 1.18\n[0.1.17-1.dev.git2b3af4a]\n- bump to 0.1.17-dev\n[0.1.14-6.git550a480]\n- Fix BZ#1391932\n[0.1.14-5.git550a480]\n- Conflicts with atomic in skopeo-containers\n[0.1.14-4.git550a480]\n- built skopeo-containers\n[0.1.14-3.gitd830391]\n- built mtrmac/integrate-all-the-things commit d830391\n[0.1.14-2.git362bfc5]\n- built commit 362bfc5\n[0.1.14-1.gitffe92ed]\n- build origin/master commit ffe92ed\n[0.1.13-6]\n- https://fedoraproject.org/wiki/Changes/golang1.7\n[0.1.13-5]\n- include go-srpm-macros and compiler(go-compiler) in fedora conditionals\n- define %gobuild if not already\n- add patch to build with older version of golang\n[0.1.13-4]\n- update to v0.1.12\n[0.1.12-3]\n- fix go build source path\n[0.1.12-2]\n- update to v0.1.12\n[0.1.11-1]\n- update to v0.1.11\n[0.1.10-1]\n- update to v0.1.10\n- change runcom -> projectatomic\n[0.1.9-1]\n- update to v0.1.9\n[0.1.8-1]\n- update to v0.1.8\n[0.1.4-2]\n- https://fedoraproject.org/wiki/Changes/golang1.6\n[0.1.4]\n- First package for Fedora\nslirp4netns\n[0.1-5.dev.gitc4e1bc5]\n- backport fix for CVE-2020-7039\n- Resolves: #1791578\n[0.1-4.dev.gitc4e1bc5]\n- actually add CVE-2019-14378 patch to dist-git\n- Related: RHELPLAN-25139\n[0.1-3.dev.gitc4e1bc5]\n- Fix CVE-2019-14378 (#1768394).\n[0.1-2.dev.gitc4e1bc5]\n- changed summary\n[0.1-1.dev.gitc4e1bc5]\n- First package for RHEL 8\n- import from Fedora rawhide\n- Exclude ix86 and ppc64", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-03-05T00:00:00", "type": "oraclelinux", "title": "container-tools:1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9962", "CVE-2019-14378", "CVE-2019-5736", "CVE-2019-9512", "CVE-2019-9514", "CVE-2020-10696", "CVE-2020-7039", "CVE-2021-20188"], "modified": "2021-03-05T00:00:00", "id": "ELSA-2021-0705", "href": "http://linux.oracle.com/errata/ELSA-2021-0705.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:55", "description": "[15:3.1.0-5.el7]\n- Only enable the halt poll control MSR if it is supported by the host (Mark\n Kanda) [Orabug: 29946722]\n[15:3.1.0-4.el7]\n- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278]\n- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524}\n- pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123}\n- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155}\n- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrange) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}\n- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676]\n- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676]\n- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676]\n- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]\n- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676]\n- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676]\n- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676]\n- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676]\n- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676]\n- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]\n- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-07-10T00:00:00", "type": "oraclelinux", "title": "qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5931", "CVE-2017-6058", "CVE-2017-9524", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-20123", "CVE-2019-11091", "CVE-2019-12155"], "modified": "2019-07-10T00:00:00", "id": "ELSA-2019-4713", "href": "http://linux.oracle.com/errata/ELSA-2019-4713.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:39", "description": "buildah\n[1.11.6-4.0.1]\n- Fixes troubles with oracle registry login [Orabug: 29937283]\n[1.11.6-4]\n- compile in FIPS mode\n- Related: RHELPLAN-25138\n[1.11.6-3]\n- be sure to use golang >= 1.12.12-4\n- Related: RHELPLAN-25138\n[1.11.6-2]\n- fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints()\n- bug reference 1772179\n- Related: RHELPLAN-25138\n[1.11.6-1]\n- update to buildah 1.11.6\n- Related: RHELPLAN-25138\n[1.11.5-1]\n- update to buildah 1.11.5\n- Related: RHELPLAN-25138\n[1.11.4-2]\n- fix %gobuild macro to not to ignore BUILDTAGS\n[1.11.4-1]\n- update to 1.11.4\n[1.9.0-5]\n- Use autosetup macro again.\n[1.9.0-4]\n- Fix CVE-2019-10214 (#1734653).\n[1.9.0-3]\n- Resolves: #1721247 - enable fips mode\n[1.9.0-2]\n- Resolves: #1720654 - tests subpackage depends on golang explicitly\n[1.9.0-1]\n- Resolves: #1720654 - rebase to v1.9.0\n[1.8.3-1]\n- Resolves: #1720654 - rebase to v1.8.3\n[1.8-0.git021d607]\n- package system tests\n[1.5-3.gite94b4f9]\n- re-enable debuginfo\n[1.5-2.gite94b4f9]\n- go toolset not in scl anymore\n[1.5-1.gite94b4f9]\n- rebase\n[1.4-3.git608fa84]\n- fedora-like go compiler macro in buildrequires is enough\n[1.4-2.git608fa84]\n- rebase\n[1.3-3.git4888163]\n- Resolves: #1615611 - rebuild with gobuild tag 'no_openssl'\n[1.3-2.git4888163]\n- Resolves: #1614009 - built with updated scl-ized go-toolset dep\n- build with %gobuild\n[1.3-1]\n- Bump to v1.3\n- Vendor in lates containers/image\n- build-using-dockerfile: let -t include transports again\n- Block use of /proc/acpi and /proc/keys from inside containers\n- Fix handling of --registries-conf\n- Fix becoming a maintainer link\n- add optional CI test fo darwin\n- Don't pass a nil error to errors.Wrapf()\n- image filter test: use kubernetes/pause as a 'since'\n- Add --cidfile option to from\n- vendor: update containers/storage\n- Contributors need to find the CONTRIBUTOR.md file easier\n- Add a --loglevel option to build-with-dockerfile\n- Create Development plan\n- cmd: Code improvement\n- allow buildah cross compile for a darwin target\n- Add unused function param lint check\n- docs: Follow man-pages(7) suggestions for SYNOPSIS\n- Start using github.com/seccomp/containers-golang\n- umount: add all option to umount all mounted containers\n- runConfigureNetwork(): remove an unused parameter\n- Update github.com/opencontainers/selinux\n- Fix buildah bud --layers\n- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0\n- main: if unprivileged, reexec in a user namespace\n- Vendor in latest imagebuilder\n- Reduce the complexity of the buildah.Run function\n- mount: output it before replacing lastError\n- Vendor in latest selinux-go code\n- Implement basic recognition of the '--isolation' option\n- Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin\n- Run(): don't include any default environment variables\n- build without seccomp\n- vendor in latest runtime-tools\n- bind/mount_unsupported.go: remove import errors\n- Update github.com/opencontainers/runc\n- Add Capabilities lists to BuilderInfo\n- Tweaks for commit tests\n- commit: recognize committing to second storage locations\n- Fix ARGS parsing for run commands\n- Add info on registries.conf to from manpage\n- Switch from using docker to podman for testing in .papr\n- buildah: set the HTTP User-Agent\n- ONBUILD tutorial\n- Add information about the configuration files to the install docs\n- Makefile: add uninstall\n- Add tilde info for push to troubleshooting\n- mount: support multiple inputs\n- Use the right formatting when adding entries to /etc/hosts\n- Vendor in latest go-selinux bindings\n- Allow --userns-uid-map/--userns-gid-map to be global options\n- bind: factor out UnmountMountpoints\n- Run(): simplify runCopyStdio()\n- Run(): handle POLLNVAL results\n- Run(): tweak terminal mode handling\n- Run(): rename 'copyStdio' to 'copyPipes'\n- Run(): don't set a Pdeathsig for the runtime\n- Run(): add options for adding and removing capabilities\n- Run(): don't use a callback when a slice will do\n- setupSeccomp(): refactor\n- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers\n- Escape use of '_' in .md docs\n- Break out getProcIDMappings()\n- Break out SetupIntermediateMountNamespace()\n- Add Multi From Demo\n- Use the c/image conversion code instead of converting configs manually\n- Don't throw away the manifest MIME type and guess again\n- Consolidate loading manifest and config in initConfig\n- Pass a types.Image to Builder.initConfig\n- Require an image ID in importBuilderDataFromImage\n- Use c/image/manifest.GuessMIMEType instead of a custom heuristic\n- Do not ignore any parsing errors in initConfig\n- Explicitly handle 'from scratch' images in Builder.initConfig\n- Fix parsing of OCI images\n- Simplify dead but dangerous-looking error handling\n- Don't ignore v2s1 history if docker_version is not set\n- Add --rm and --force-rm to buildah bud\n- Add --all,-a flag to buildah images\n- Separate stdio buffering from writing\n- Remove tty check from images --format\n- Add environment variable BUILDAH_RUNTIME\n- Add --layers and --no-cache to buildah bud\n- Touch up images man\n- version.md: fix DESCRIPTION\n- tests: add containers test\n- tests: add images test\n- images: fix usage\n- fix make clean error\n- Change 'registries' to 'container registries' in man\n- add commit test\n- Add(): learn to record hashes of what we add\n- Minor update to buildah config documentation for entrypoint\n- Bump to v1.2-dev\n- Add registries.conf link to a few man pages\n[1.2-3]\n- do not depend on btrfs-progs for rhel8\n[1.2-2]\n- buildah does not require ostree\n[1.2-1]\n- Vendor in latest containers/image\n- build-using-dockerfile: let -t include transports again\n- Block use of /proc/acpi and /proc/keys from inside containers\n- Fix handling of --registries-conf\n- Fix becoming a maintainer link\n- add optional CI test fo darwin\n- Don't pass a nil error to errors.Wrapf()\n- image filter test: use kubernetes/pause as a 'since'\n- Add --cidfile option to from\n- vendor: update containers/storage\n- Contributors need to find the CONTRIBUTOR.md file easier\n- Add a --loglevel option to build-with-dockerfile\n- Create Development plan\n- cmd: Code improvement\n- allow buildah cross compile for a darwin target\n- Add unused function param lint check\n- docs: Follow man-pages(7) suggestions for SYNOPSIS\n- Start using github.com/seccomp/containers-golang\n- umount: add all option to umount all mounted containers\n- runConfigureNetwork(): remove an unused parameter\n- Update github.com/opencontainers/selinux\n- Fix buildah bud --layers\n- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0\n- main: if unprivileged, reexec in a user namespace\n- Vendor in latest imagebuilder\n- Reduce the complexity of the buildah.Run function\n- mount: output it before replacing lastError\n- Vendor in latest selinux-go code\n- Implement basic recognition of the '--isolation' option\n- Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin\n- Run(): don't include any default environment variables\n- build without seccomp\n- vendor in latest runtime-tools\n- bind/mount_unsupported.go: remove import errors\n- Update github.com/opencontainers/runc\n- Add Capabilities lists to BuilderInfo\n- Tweaks for commit tests\n- commit: recognize committing to second storage locations\n- Fix ARGS parsing for run commands\n- Add info on registries.conf to from manpage\n- Switch from using docker to podman for testing in .papr\n- buildah: set the HTTP User-Agent\n- ONBUILD tutorial\n- Add information about the configuration files to the install docs\n- Makefile: add uninstall\n- Add tilde info for push to troubleshooting\n- mount: support multiple inputs\n- Use the right formatting when adding entries to /etc/hosts\n- Vendor in latest go-selinux bindings\n- Allow --userns-uid-map/--userns-gid-map to be global options\n- bind: factor out UnmountMountpoints\n- Run(): simplify runCopyStdio()\n- Run(): handle POLLNVAL results\n- Run(): tweak terminal mode handling\n- Run(): rename 'copyStdio' to 'copyPipes'\n- Run(): don't set a Pdeathsig for the runtime\n- Run(): add options for adding and removing capabilities\n- Run(): don't use a callback when a slice will do\n- setupSeccomp(): refactor\n- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers\n- Escape use of '_' in .md docs\n- Break out getProcIDMappings()\n- Break out SetupIntermediateMountNamespace()\n- Add Multi From Demo\n- Use the c/image conversion code instead of converting configs manually\n- Don't throw away the manifest MIME type and guess again\n- Consolidate loading manifest and config in initConfig\n- Pass a types.Image to Builder.initConfig\n- Require an image ID in importBuilderDataFromImage\n- Use c/image/manifest.GuessMIMEType instead of a custom heuristic\n- Do not ignore any parsing errors in initConfig\n- Explicitly handle 'from scratch' images in Builder.initConfig\n- Fix parsing of OCI images\n- Simplify dead but dangerous-looking error handling\n- Don't ignore v2s1 history if docker_version is not set\n- Add --rm and --force-rm to buildah bud\n- Add --all,-a flag to buildah images\n- Separate stdio buffering from writing\n- Remove tty check from images --format\n- Add environment variable BUILDAH_RUNTIME\n- Add --layers and --no-cache to buildah bud\n- Touch up images man\n- version.md: fix DESCRIPTION\n- tests: add containers test\n- tests: add images test\n- images: fix usage\n- fix make clean error\n- Change 'registries' to 'container registries' in man\n- add commit test\n- Add(): learn to record hashes of what we add\n- Minor update to buildah config documentation for entrypoint\n- Add registries.conf link to a few man pages\n[1.1-1]\n- Drop capabilities if running container processes as non root\n- Print Warning message if cmd will not be used based on entrypoint\n- Update 01-intro.md\n- Shouldn't add insecure registries to list of search registries\n- Report errors on bad transports specification when pushing images\n- Move parsing code out of common for namespaces and into pkg/parse.go\n- Add disable-content-trust noop flag to bud\n- Change freenode chan to buildah\n- runCopyStdio(): don't close stdin unless we saw POLLHUP\n- Add registry errors for pull\n- runCollectOutput(): just read until the pipes are closed on us\n- Run(): provide redirection for stdio\n- rmi, rm: add test\n- add mount test\n- Add parameter judgment for commands that do not require parameters\n- Add context dir to bud command in baseline test\n- run.bats: check that we can run with symlinks in the bundle path\n- Give better messages to users when image can not be found\n- use absolute path for bundlePath\n- Add environment variable to buildah --format\n- rm: add validation to args and all option\n- Accept json array input for config entrypoint\n- Run(): process RunOptions.Mounts, and its flags\n- Run(): only collect error output from stdio pipes if we created some\n- Add OnBuild support for Dockerfiles\n- Quick fix on demo readme\n- run: fix validate flags\n- buildah bud should require a context directory or URL\n- Touchup tutorial for run changes\n- Validate common bud and from flags\n- images: Error if the specified imagename does not exist\n- inspect: Increase err judgments to avoid panic\n- add test to inspect\n- buildah bud picks up ENV from base image\n- Extend the amount of time travis_wait should wait\n- Add a make target for Installing CNI plugins\n- Add tests for namespace control flags\n- copy.bats: check ownerships in the container\n- Fix SELinux test errors when SELinux is enabled\n- Add example CNI configurations\n- Run: set supplemental group IDs\n- Run: use a temporary mount namespace\n- Use CNI to configure container networks\n- add/secrets/commit: Use mappings when setting permissions on added content\n- Add CLI options for specifying namespace and cgroup setup\n- Always set mappings when using user namespaces\n- Run(): break out creation of stdio pipe descriptors\n- Read UID/GID mapping information from containers and images\n- Additional bud CI tests\n- Run integration tests under travis_wait in Travis\n- build-using-dockerfile: add --annotation\n- Implement --squash for build-using-dockerfile and commit\n- Vendor in latest container/storage for devicemapper support\n- add test to inspect\n- Vendor github.com/onsi/ginkgo and github.com/onsi/gomega\n- Test with Go 1.10, too\n- Add console syntax highlighting to troubleshooting page\n- bud.bats: print '' before checking its contents\n- Manage 'Run' containers more closely\n- Break Builder.Run()'s 'run runc' bits out\n- util.ResolveName(): handle completion for tagged/digested image names\n- Handle /etc/hosts and /etc/resolv.conf properly in container\n- Documentation fixes\n- Make it easier to parse our temporary directory as an image name\n- Makefile: list new pkg/ subdirectoris as dependencies for buildah\n- containerImageSource: return more-correct errors\n- API cleanup: PullPolicy and TerminalPolicy should be types\n- Make 'run --terminal' and 'run -t' aliases for 'run --tty'\n- Vendor github.com/containernetworking/cni v0.6.0\n- Update github.com/containers/storage\n- Update github.com/projectatomic/libpod\n- Add support for buildah bud --label\n- buildah push/from can push and pull images with no reference\n- Vendor in latest containers/image\n- Update gometalinter to fix install.tools error\n- Update troubleshooting with new run workaround\n- Added a bud demo and tidied up\n- Attempt to download file from url, if fails assume Dockerfile\n- Add buildah bud CI tests for ENV variables\n- Re-enable rpm .spec version check and new commit test\n- Update buildah scratch demo to support el7\n- Added Docker compatibility demo\n- Update to F28 and new run format in baseline test\n- Touchup man page short options across man pages\n- Added demo dir and a demo. chged distrorlease\n- builder-inspect: fix format option\n- Add cpu-shares short flag (-c) and cpu-shares CI tests\n- Minor fixes to formatting in rpm spec changelog\n- Fix rpm .spec changelog formatting\n- CI tests and minor fix for cache related noop flags\n- buildah-from: add effective value to mount propagation\n[1.0-1]\n- Remove buildah run cmd and entrypoint execution\n- Add Files section with registries.conf to pertinent man pages\n- Force 'localhost' as a default registry\n- Add --compress, --rm, --squash flags as a noop for bud\n- Add FIPS mode secret to buildah run and bud\n- Add config --comment/--domainname/--history-comment/--hostname\n- Add support for --iidfile to bud and commit\n- Add /bin/sh -c to entrypoint in config\n- buildah images and podman images are listing different sizes\n- Remove tarball as an option from buildah push --help\n- Update entrypoint behaviour to match docker\n- Display imageId after commit\n- config: add support for StopSignal\n- Allow referencing stages as index and names\n- Add multi-stage builds support\n- Vendor in latest imagebuilder, to get mixed case AS support\n- Allow umount to have multi-containers\n- Update buildah push doc\n- buildah bud walks symlinks\n- Imagename is required for commit atm, update manpage\n[0.16-3.git532e267]\n- Resolves: #1573681\n- built commit 532e267\n[0.16.0-2.git6f7d05b]\n- built commit 6f7d05b\n[0.16-1]\n- Add support for shell\n- Vendor in latest containers/image\n- \t docker-archive generates docker legacy compatible images\n-\t Do not create subdirectories for layers with no configs\n- \t Ensure the layer IDs in legacy docker/tarfile metadata are unique\n-\t docker-archive: repeated layers are symlinked in the tar file\n-\t sysregistries: remove all trailing slashes\n-\t Improve docker/* error messages\n-\t Fix failure to make auth directory\n-\t Create a new slice in Schema1.UpdateLayerInfos\n-\t Drop unused storageImageDestination.{image,systemContext}\n-\t Load a *storage.Image only once in storageImageSource\n-\t Support gzip for docker-archive files\n-\t Remove .tar extension from blob and config file names\n-\t ostree, src: support copy of compressed layers\n-\t ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size\n-\t image: fix docker schema v1 -> OCI conversion\n-\t Add /etc/containers/certs.d as default certs directory\n- Change image time to locale, add troubleshooting.md, add logo to other mds\n- Allow --cmd parameter to have commands as values\n- Document the mounts.conf file\n- Fix man pages to format correctly\n- buildah from now supports pulling images using the following transports:\n- docker-archive, oci-archive, and dir.\n- If the user overrides the storage driver, the options should be dropped\n- Show Config/Manifest as JSON string in inspect when format is not set\n- Adds feature to pull compressed docker-archive files\n[0.15-1]\n- Fix handling of buildah run command options\n[0.14-1]\n- If commonOpts do not exist, we should return rather then segfault\n- Display full error string instead of just status\n- Implement --volume and --shm-size for bud and from\n- Fix secrets patch for buildah bud\n- Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension\n[0.13-1.git99066e0]\n- use correct version\n[0.12-4.git99066e0]\n- enable debuginfo\n[0.12-3.git99066e0]\n- BR: libseccomp-devel\n[0.12-2.git99066e0]\n- Resolves: #1548535\n- built commit 99066e0\n[0.12-1]\n- Added handing for simpler error message for Unknown Dockerfile instructions.\n- Change default certs directory to /etc/containers/certs.dir\n- Vendor in latest containers/image\n- Vendor in latest containers/storage\n- build-using-dockerfile: set the 'author' field for MAINTAINER\n- Return exit code 1 when buildah-rmi fails\n- Trim the image reference to just its name before calling getImageName\n- Touch up rmi -f usage statement\n- Add --format and --filter to buildah containers\n- Add --prune,-p option to rmi command\n- Add authfile param to commit\n- Fix --runtime-flag for buildah run and bud\n- format should override quiet for images\n- Allow all auth params to work with bud\n- Do not overwrite directory permissions on --chown\n- Unescape HTML characters output into the terminal\n- Fix: setting the container name to the image\n- Prompt for un/pwd if not supplied with --creds\n- Make bud be really quiet\n- Return a better error message when failed to resolve an image\n- Update auth tests and fix bud man page\n[0.11-3.git49095a8]\n- Resolves: #1542236 - add ostree and bump runc dep\n[0.11-2.git49095a8]\n- rebased to 49095a83f8622cf69532352d183337635562e261\n[0.11-1]\n- Add --all to remove containers\n- Add --all functionality to rmi\n- Show ctrid when doing rm -all\n- Ignore sequential duplicate layers when reading v2s1\n- Lots of minor bug fixes\n- Vendor in latest containers/image and containers/storage\n[0.10-2]\n- Fix checkin\n[0.10-1]\n- Display Config and Manifest as strings\n- Bump containers/image\n- Use configured registries to resolve image names\n- Update to work with newer image library\n- Add --chown option to add/copy commands\n[0.9-2.git04ea079]\n- build for all arches\n[0.9-1]\n- Allow push to use the image id\n- Make sure builtin volumes have the correct label\n[0.8-1]\n- Buildah bud was failing on SELinux machines, this fixes this\n- Block access to certain kernel file systems inside of the container\n[0.7-1]\n- Ignore errors when trying to read containers buildah.json for loading SELinux reservations\n- Use credentials from kpod login for buildah\n- Adds support for converting manifest types when using the dir transport\n- Rework how we do UID resolution in images\n- Bump github.com/vbatts/tar-split\n- Set option.terminal appropriately in run\n[0.5-5.gitf7dc659]\n- revert building for s390x, it is intended for rhel 7.5\n[0.5-4]\n- Add requires for container-selinux\n[0.5-3.gitf7dc659]\n- build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234\n[0.5-2]\n- Bump github.com/vbatts/tar-split\n- Fixes CVE That could allow a container image to cause a DOS\n[0.5-1]\n- Add secrets patch to buildah\n- Add proper SELinux labeling to buildah run\n- Add tls-verify to bud command\n- Make filtering by date use the image's date\n- images: don't list unnamed images twice\n- Fix timeout issue\n- Add further tty verbiage to buildah run\n- Make inspect try an image on failure if type not specified\n- Add support for \n- Tons of bug fixes and code cleanup\n[0.4-2.git01db066]\n- bump to latest version\n- set GIT_COMMIT at build-time\n[0.4-1.git9cbccf88c]\n- Add default transport to push if not provided\n- Avoid trying to print a nil ImageReference\n- Add authentication to commit and push\n- Add information on buildah from man page on transports\n- Remove --transport flag\n- Run: do not complain about missing volume locations\n- Add credentials to buildah from\n- Remove export command\n- Run(): create the right working directory\n- Improve 'from' behavior with unnamed references\n- Avoid parsing image metadata for dates and layers\n- Read the image's creation date from public API\n- Bump containers/storage and containers/image\n- Don't panic if an image's ID can't be parsed\n- Turn on --enable-gc when running gometalinter\n- rmi: handle truncated image IDs\n[0.4-1.git9cbccf8]\n- bump to v0.4\n[0.3-4.gitb9b2a8a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.3-3.gitb9b2a8a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.3-2.gitb9b2a8a7e]\n- Bump for inclusion of OCI 1.0 Runtime and Image Spec\n[0.2.0-1.gitac2aad6]\n- buildah run: Add support for -- ending options parsing\n- buildah Add/Copy support for glob syntax\n- buildah commit: Add flag to remove containers on commit\n- buildah push: Improve man page and help information\n- buildah run: add a way to disable PTY allocation\n- Buildah docs: clarify --runtime-flag of run command\n- Update to match newer storage and image-spec APIs\n- Update containers/storage and containers/image versions\n- buildah export: add support\n- buildah images: update commands\n- buildah images: Add JSON output option\n- buildah rmi: update commands\n- buildah containers: Add JSON output option\n- buildah version: add command\n- buildah run: Handle run without an explicit command correctly\n- Ensure volume points get created, and with perms\n- buildah containers: Add a -a/--all option\n[0.1.0-2.git597d2ab9]\n- Release Candidate 1\n- All features have now been implemented.\n[0.0.1-1.git7a0a5333]\n- First package for Fedora\ncockpit-podman\n[11-1]\n- Fix Alert notification in Image Search Modal\n- Allow more than a single Error Notification for Container action errors\n- Various Alert cleanups\n- Translation updates\n- Related: RHELPLAN-25138\n[10-1]\n- Support for user containers\n- Show list of containers that use given image\n- Show placeholder while loading containers and images\n- Fix setting memory limit - bug 1732713\n- Add container Terminal - bug 1703245\n- Related: RHELPLAN-25138\nconmon\n[2:2.0.6-1]\n- update to 2.0.6\n- Related: RHELPLAN-25138\n[2:2.0.5-1]\n- update to 2.0.5\n- Related: RHELPLAN-25138\n[2:2.0.4-1]\n- update to 2.0.4 bugfix release\n- Related: RHELPLAN-25138\n[2:2.0.3-2.giteb5fa88]\n- BR: systemd-devel\n- Related: RHELPLAN-25138\n[2:2.0.3-1.giteb5fa88]\n- update to 2.0.3\n[2:2.0.2-0.1.dev.git422ce21]\n- build latest upstream master\n[2:2.0.0-2]\n- remove BR: go-md2man since no manpages yet\n[2:2.0.0-1]\ncontainer-selinux\n[2:2.124.0-1]\n- update to 2.124.0\n- Related: RHELPLAN-25138\n[2:2.123.0-2]\n- implement spec file refactoring by Zdenek Pytela, namely:\n Change the uninstall command in the %postun section of the specfile\n to use the %selinux_modules_uninstall macro which uses priority 200.\n Change the install command in the %post section if the specfile\n to use the %selinux_modules_install macro.\n Replace relabel commands with using the %selinux_relabel_pre and\n %selinux_relabel_post macros.\n Change formatting so that the lines are vertically aligned\n in the %postun section.\n (https://github.com/containers/container-selinux/pull/85)\n- Related: RHELPLAN-25138\n[2:2.123.0-1]\n- update to 2.123.0\n- Related: RHELPLAN-25138\n[2:2.122.0-1]\n- update to 2.122.0\n[2:2.119.0-3.gita233788]\n- update to master container-selinux - bug 1769469\n[2:2.119.0-2]\n- fix post scriptlet - fail if semodule fails - bug 1729272\n[2:2.119.0-1]\n- update to 2.119.0\n[2:2.116-1]\n- update to 2.116, bug 1748519\n[2:2.107-2]\n- Use at least selinux policy 3.14.3-9.el8,\n Resolves: #1728700\n[2:2.107-1]\n- Resolves: #1720654 - rebase to v2.107\n[2:2.89-1.git2521d0d]\n- bump to v2.89\n[2:2.75-1.git99e2cfd]\n- bump to v2.75\n- built commit 99e2cfd\n[2:2.74-1]\n- Resolves: #1641655 - bump to v2.74\n- built commit a62c2db\n[2:2.73-3]\n- tweak macro for fedora - applies to rhel8 as well\n[2:2.73-2]\n- moved changelog entries:\n- Define spc_t as a container_domain, so that container_runtime will transition\nto spc_t even when setup with nosuid.\n- Allow container_runtimes to setattr on callers fifo_files\n- Fix restorecon to not error on missing directory\n[2.69-3]\n- Make sure we pull in the latest selinux-policy\n[2.69-2]\n- Add map support to container-selinux for RHEL 7.5\n- Dontudit attempts to write to kernel_sysctl_t\n[2.68-1]\n- Add label for /var/lib/origin\n- Add customizable_file_t to customizable_types\n[2.67-1]\n- Add policy for container_logreader_t\n[2.66-1]\n- Allow dnsmasq to dbus chat with spc_t\n[2.64-1]\n- Allow containers to create all socket classes\n[2.62-1]\n- Label overlay directories under /var/lib/containers/ correctly\n[2.61-1]\n- Allow spc_t to load kernel modules from inside of container\n[2.60-1]\n- Allow containers to list cgroup directories\n- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.\n[2.58-2]\n- Run restorecon /usr/bin/podman in postinstall\n[2.58-1]\n- Add labels to allow podman to be run from a systemd unit file\n[2.57-1]\n- Set the version of SELinux policy required to the latest to fix build issues.\n[2.56-1]\n- Allow container_runtime_t to transition to spc_t over unlabeled files\n[2.55-1]\nAllow iptables to read container state\n Dontaudit attempts from containers to write to /proc/self\n Allow spc_t to change attributes on container_runtime_t fifo files\n[2.52-1]\n- Add better support for writing custom selinux policy for customer container domains.\n[2.51-1]\n- Allow shell_exec_t as a container_runtime_t entrypoint\n[2.50-1]\n- Allow bin_t as a container_runtime_t entrypoint\n[2.49-1]\n- Add support for MLS running container runtimes\n- Add missing allow rules for running systemd in a container\n[2.48-1]\n- Update policy to match master branch\n- Remove typebounds and replace with nnp_transition and nosuid_transition calls\n[2.41-1]\n- Add support to nnp_transition for container domains\n- Eliminates need for typebounds.\n[2.40-1]\n- Allow container_runtime_t to use user ttys\n- Fixes bounds check for container_t\n[2.39-1]\n- Allow container runtimes to use interited terminals. This helps\nsatisfy the bounds check of container_t versus container_runtime_t.\n[2.38-1]\n- Allow container runtimes to mmap container_file_t devices\n- Add labeling for rhel push plugin\n[2.37-1]\n- Allow containers to use inherited ttys\n- Allow ostree to handle labels under /var/lib/containers/ostree\n[2.36-1]\n- Allow containers to relabelto/from all file types to container_file_t\n[2.35-1]\n- Allow container to map chr_files labeled container_file_t\n[2.34-1]\n- Dontaudit container processes getattr on kernel file systems\n[2.33-1]\n- Allow containers to read /etc/resolv.conf and /etc/hosts if volume\n- mounted into container.\n[2.32-1]\n- Make sure users creating content in /var/lib with right labels\n[2.31-1]\n- Allow the container runtime to dbus chat with dnsmasq\n- add dontaudit rules for container trying to write to /proc\n[2.29-1]\n- Add support for lxcd\n- Add support for labeling of tmpfs storage created within a container.\n[2.28-1]\n- Allow a container to umount a container_file_t filesystem\n[2.27-1]\n- Allow container runtimes to work with the netfilter sockets\n- Allow container_file_t to be an entrypoint for VM's\n- Allow spc_t domains to transition to svirt_t\n[2.24-1]\n- Make sure container_runtime_t has all access of container_t\n[2.23-1]\n- Allow container runtimes to create sockets in tmp dirs\n[2.22-1]\n- Add additonal support for crio labeling.\n[2.21-3]\n- Fixup spec file conditionals\n[2:2.21-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[2.21-1]\n- Allow containers to execmod on container_share_t files.\n[2.20-2]\n- Relabel runc and crio executables\n[2.20-1]\n- Allow container processes to getsession\n[2:2.19-2.1]\n- update release tag to isolate from 7.3\n[2:2.19-1]\n- Fix mcs transition problem on stdin/stdout/stderr\n- Add labels for CRI-O\n- Allow containers to use tunnel sockets\n[2:2.15-1.1]\n- Resolves: #1451289\n- rebase to v2.15\n- built @origin/RHEL-1.12 commit 583ca40\n[2:2.10-2.1]\n- Make sure we have a late enough version of policycoreutils\n[2:2.10-1]\n- Update to the latest container-selinux patch from upstream\n- Label files under /usr/libexec/lxc as container_runtime_exec_t\n- Give container_t access to XFRM sockets\n- Allow spc_t to dbus chat with init system\n- Allow containers to read cgroup configuration mounted into a container\n[2:2.9-4]\n- Resolves: #1425574\n- built commit 79a6d70\n[2:2.9-3]\n- Resolves: #1420591\n- built @origin/RHEL-1.12 commit 8f876c4\n[2:2.9-2]\n- built @origin/RHEL-1.12 commit 33cb78b\n[2:2.8-2]\n-\n[2:2.7-1]\n- built origin/RHEL-1.12 commit 21dd37b\n[2:2.4-2]\n- correct version-release in changelog entries\n[2:2.4-1]\n- Add typebounds statement for container_t from container_runtime_t\n- We should only label runc not runc*\n[2:2.3-1]\n- Fix labeling on /usr/bin/runc.*\n- Add sandbox_net_domain access to container.te\n- Remove containers ability to look at /etc content\n[2:2.2-4]\n- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7\n[2:2.2-3]\n- properly disable docker module in %post\n[2:2.2-2]\n- depend on selinux-policy-targeted\n- relabel docker-latest* files as well\n[2:2.2-1]\n- bump to v2.2\n- additional labeling for ocid\n[2:2.0-2]\n- install policy at level 200\n- From: Dan Walsh \n[2:2.0-1]\n- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a\nstandalone package)\n- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel\n[2:1.12.4-29]\n- new package (separated from docker)\ncontainernetworking-plugins\n[0.8.3-4.0.1]\n- Disable debuginfo\n[0.8.3-4]\n- compile with no_openssl\n- Related: RHELPLAN-25138\n[0.8.3-3]\n- compile in FIPS mode\n- Related: RHELPLAN-25138\n[0.8.3-2]\n- be sure to use golang >= 1.12.12-4\n- Related: RHELPLAN-25138\n[0.8.3-1]\n- update to 0.8.3\n- Related: RHELPLAN-25138\n[0.8.1-2]\n- backport https://github.com/coreos/go-iptables/pull/62\n from Michael Cambria\n- Resolves: #1627561\n[0.8.1-1]\n- Resolves: #1720319 - bump to v0.8.1\n[0.7.5-1]\n- Resolves: #1616063\n- bump to v0.7.5\n[0.7.4-3.git9ebe139]\n- re-enable debuginfo\n[0.7.4-2.git9ebe139]\n- rebase, removed patch that is already upstream\n[0.7.3-7.git19f2f28]\n- go tools not in scl anymore\n[0.7.3-6.git19f2f28]\n- correct tag specification format in %gobuild macro\n[0.7.3-5.git19f2f28]\n- Resolves: #1616062 - patch to revert coreos/go-iptables bump\n[0.7.3-4.git19f2f28]\n- Resolves:#1603012\n- fix versioning, upstream got it wrong at 7.2\n[0.7.2-3.git19f2f28]\n- disable i686 temporarily for appstream builds\n- update golang deps and gobuild definition\n[0.7.2-2.git19f2f28]\n- rebase\n[0.7.0-103.gitdd8ff8a]\n- enable scl with the toolset\n[0.7.0-102.gitdd8ff8a]\n- remove devel and unittest subpackages\n- use new go-toolset deps\n[0.7.0-101]\n- rebase\n- patches already upstream, removed\n[0.6.0-6]\n- Imported from Fedora\n- Renamed CNI -> plugins\n[0.6.0-4]\n- Own the libexec cni directory\n[0.6.0-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[0.6.0-2]\n- skip settling IPv4 addresses\n[0.6.0-1]\n- rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9\n[0.5.2-7]\n- do not install to /opt (against Fedora Guidelines)\n[0.5.2-6]\n- Enable devel subpackage\n[0.5.2-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.5.2-4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.5.2-3]\n- excludearch: ppc64 as it's not in goarches anymore\n- re-enable s390x\n[0.5.2-2]\n- upstream moved to github.com/containernetworking/plugins\n- built commit dcf7368\n- provides: containernetworking-plugins\n- use vendored deps because they're a lot less of a PITA\n- excludearch: s390x for now (rhbz#1466865)\n[0.5.2-1]\n- Update to 0.5.2\n- Softlink to default /opt/cni/bin directories\n[0.5.1-1]\n- Initial package\nfuse-overlayfs\n[0.7.2-1]\n- update to 0.7.2\n- Related: RHELPLAN-25138\n[0.7-1]\n- update to 0.7\n- apply patch to fix build on RHEL-8\n- Related: RHELPLAN-25138\n[0.4.1-1]\n- Resolves: #1720654 - rebase to v0.4.1\n[0.3-2]\n- rebase\n- Resolves:#1666510\n[0.1-7.dev.git50c7a50]\n- Resolves: #1640232\n- built commit 50c7a50\n[0.1-6.dev.git1c72a1a]\n- Resolves: #1614856 - add manpage\n- built commit 1c72a1a\n- add BR: go-md2man\n[0.1-5.dev.gitd40ac75]\n- built commit d40ac75\n- remove fedora bz ids\n- Exclude ix86 and ppc64\n[0.1-4.dev.git79c70fd]\n- Resolves: #1609598 - initial upload to Fedora\n- bundled gnulib\n[0.1-3.dev.git79c70fd]\n- correct license field\n[0.1-2.dev.git79c70fd]\n- fix license\n[0.1-1.dev.git13575b6]\n- First package for Fedora\npodman\n[1.6.4-2.0.1]\n- delivering fix for [Orabug: 29874238] by Nikita Gerasimov \n[1.6.4-2]\n- apply fix for bug 1757845\n- Related: RHELPLAN-25138\n[1.6.4-1]\n- update to 1.6.4\n- Related: RHELPLAN-25138\n[1.6.3-6]\n- remove BR: device-mapper-devel, minor spec file changes\n- Related: RHELPLAN-25138\n[1.6.3-5]\n- Ensure volumes reacquire locks on state refresh (thanks Matt Heon)\n- Related: RHELPLAN-25138\n[1.6.3-4]\n- use the file events logger backend if systemd isn't available\n (thanks to Giuseppe Scrivano)\n- Related: RHELPLAN-25138\n[1.6.3-3]\n- require slirp4netns >= 0.4.0-1\n- Related: RHELPLAN-25138\n[1.6.3-2]\n- apply fix to not to fail gating tests:\n don't parse the config for cgroup-manager default\n- don't hang while on podman run --rm - bug 1767663\n[1.6.3-1]\n- update to podman 1.6.3\n- addresses CVE-2019-18466\n[1.6.2-6]\n- fix %gobuild macro to not to ignore BUILDTAGS\n[1.6.2-5]\n- use btrfs_noversion to really disable BTRFS support\n- amend/reuse BUILDTAGS\n- still keep device-mapper-devel BR otherwise build fails\n despite dm support being disabled (build scripting invokes\n pkg-config for devmapper which is shipped by the dm-devel\n package)\n[1.6.2-4]\n- disable BTRFS support\n[1.6.2-3]\n- split podman and conmon packages\n- drop BR: device-mapper-devel and update BRs in general\n[1.6.2-2]\n- drop oci-systemd-hook requirement\n- drop upstreamed CVE-2019-10214 patch\n[1.6.2-1]\n- update to podman 1.6.2\n[1.4.2-6]\n- fix build with --nocheck (#1721394)\n- escape commented out macros\n[1.4.2-5]\n- Fix CVE-2019-10214 (#1734649).\n[1.4.2-4]\n- update to latest conmon (Resolves: #1743685)\n[1.4.2-3]\n- update to v1.4.2-stable1\n- Resolves: #1741157\n[1.4.2-2]\n- Resolves: #1669197, #1705763, #1737077, #1671622, #1723879, #1730281,\n- Resolves: #1731117\n- built libpod v1.4.2-stable1\n[1.4.2-1]\n- Resolves: #1721638\n- bump to v1.4.2\n[1.4.1-4]\n- Resolves: #1720654 - update dep on libvarlink\n- Resolves: #1721247 - enable fips mode\n[1.4.1-3]\n- Resolves: #1720654 - podman requires podman-manpages\n- update dep on cni plugins >= 0.8.1-1\n[1.4.1-2]\n- Resolves: #1720654 - podman-manpages obsoletes podman < 1.4.1-2\n[1.4.1-1]\n- Resolves: #1720654 - bump to v1.4.1\n- bump conmon to v0.3.0\n[1.4.0-1]\n- Resolves: #1720654 - bump to v1.4.0\n[1.3.2-2]\n- Resolves: #1683217 - tests subpackage requires slirp4netns\n[1.3.2-1]\n- Resolves: #1707220 - bump to v1.3.2\n- built conmon v0.2.0\n[1.2.0-1.git3bd528e5]\n- package system tests, zsh completion. Update CI tests to use new -tests pkg\n[1.1.0-1.git006206a]\n- bump to v1.1.0\n[1.0.1-1.git2c74edd]\n- bump to v1.0.1\n[1.0.0-2.git921f98f]\n- rebase\n[1.0.0-1.git82e8011]\n- rebase to v1, yay!\n- rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2\n- Resolves:#1623282\n- python interface removed, moved to https://github.com/containers/python-podman/\n[0.12.1.2-4.git9551f6b]\n- re-enable debuginfo\n[0.12.1.2-3.git9551f6b]\n- python libraries added\n- resolves: #1657180\n[0.12.1.2-2.git9551f6b]\n- rebase\n[0.11.1.1-3.git594495d]\n- go tools not in scl anymore\n[0.11.1.1-2.git594495d]\n- fedora-like buildrequires go toolset\n[0.11.1.1-1.git594495d]\n- Resolves: #1636230 - build with FIPS enabled golang toolchain\n- bump to v0.11.1.1\n- built commit 594495d\n[0.11.1-3.gita4adfe5]\n- podman-docker provides docker\n- Resolves: #1650355\n[0.11.1-2.gita4adfe5]\n- Require platform-python-setuptools instead of python3-setuptools\n- Resolves: rhbz#1650144\n[0.11.1-1.gita4adfe5]\n- bump to v0.11.1\n- built libpod commit a4adfe5\n- built conmon from cri-o commit 464dba6\n[0.10.1.3-5.gitdb08685]\n- Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it\n- not having device-mapper-devel seems to have brew not recognize %{_unitdir}\n[0.10.1.3-4.gitdb08685]\n- Resolves: #1625384 - correctly add buildtags to remove devmapper\n[0.10.1.3-3.gitdb08685]\n- Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2\n[0.10.1.3-2.gitdb08685]\n- Resolves: #1625384 - depend on lvm2\n[0.10.1.3-1.gitdb08685]\n- Resolves: #1640298 - update vendored buildah to allow building when there are\nrunning containers\n- bump to v0.10.1.3\n- built podman commit db08685\n[0.10.1.2-1.git2b4f8d1]\n- Resolves: #1625378\n- bump to v0.10.1.2\n- built podman commit 2b4f8d1\n[0.10.1.1-1.git4bea3e9]\n- bump to v0.10.1.1\n- built podman commit 4bea3e9\n[0.10.1-1.gite4a1553]\n- bump podman to v0.10.1\n- built podman commit e4a1553\n- built conmon from cri-o commit a30f93c\n[0.9.3.1-4.git1cd906d]\n- rebased cri-o to 1.11.6\n[0.9.3.1-3.git1cd906d]\n- rebase\n[0.9.2-2.git37a2afe]\n- rebase to podman 0.9.2\n- rebase to cri-o 0.11.4\n[0.9.1.1-2.git123de30]\n- rebase\n[0.8.4-1.git9f9b8cf]\n- bump to v0.8.4\n- built commit 9f9b8cf\n- upstream username changed from projectatomic to containers\n- use containernetworking-plugins >= 0.7.3-5\n[0.8.2.1-2.git7a526bb]\n- Resolves: #1615607 - rebuild with gobuild tag 'no_openssl'\n[0.8.2.1-1.git7a526bb]\n- Upstream 0.8.2.1 release\n- Add support for podman-docker\nResolves: rhbz#1615104\n[0.8.2-1.dev.git8b2d38e]\n- Resolves: #1614710 - podman search name includes registry\n- bump to v0.8.2-dev\n- built libpod commit 8b2d38e\n- built conmon from cri-o commit acc0ee7\n[0.8.1-2.git6b4ab2a]\n- Add recommends for slirp4netns and container-selinux\n[0.8.1-2.git6b4ab2a]\n- bump to v0.8.1\n- use %go{build,generate} instead of go build and go generate\n- update go deps to use scl-ized builds\n- No need for Makefile patch for python installs\n[0.8.1-1.git6b4ab2a]\n- Bump to v0.8.1\n[0.7.4-2.git079121]\n- podman should not require atomic-registries\n[0.7.4-1.dev.git9a18681]\n- bump to v0.7.4-dev\n- built commit 9a18681\n[0.7.3-2.git079121]\n- Turn on ostree support\n- Upstream 0.7.3\n[0.7.2-2.git4ca4c5f]\n- Upstream 0.7.2 release\n[0.7.1-3.git84cfdb2]\n- rebuilt\n[0.7.1-2.git84cfdb2]\n- rebase to 84cfdb2\n[0.7.1-1.git802d4f2]\n- Upstream 0.7.1 release\n[0.6.4-2.gitd5beb2f]\n- disable devel and unittest subpackages\n- include conditionals for rhel-8.0\n[0.6.4-1.gitd5beb2f]\n- do not compress debuginfo with dwz to support delve debugger\n[0.6.1-3.git3e0ff12]\n- do not compress debuginfo with dwz to support delve debugger\n[0.6.1-2.git3e0ff12]\n- bash completion shouldn't have shebang\n[0.6.1-1.git3e0ff12]\n- Resolves: #1584429 - drop capabilities when running a container as non-root\n- bump to v0.6.1\n- built podman commit 3e0ff12\n- built conmon from cri-o commit 1c0c3b0\n- drop containernetworking-plugins subpackage, it's now split out into a standalone\npackage\n[0.4.1-4.gitb51d327]\n- Resolves: #1572538 - build host-device and portmap plugins\n[0.4.1-3.gitb51d327]\n- correct dep on containernetworking-plugins\n[0.4.1-2.gitb51d327]\n- add containernetworking-plugins v0.7.0 as a subpackage (podman dep)\n- release tag for the containernetworking-plugins is actually gotten from\npodman release tag.\n[0.4.1-1.gitb51d327]\n- bump to v0.4.1\n- built commit b51d327\n[0.3.3-1.dev.gitbc358eb]\n- built podman commit bc358eb\n- built conmon from cri-o commit 712f3b8\n[0.3.2-1.gitf79a39a]\n- Release 0.3.2-1\n[0.3.1-2.git98b95ff]\n- Correct RPM version\n[0.3.1-1-gitc187538]\n- Release 0.3.1-1\n[0.2.2-2.git525e3b1]\n- Build on ARMv7 too (Fedora supports containers on that arch too)\n[0.2.2-1.git525e3b1]\n- Release 0.2.2\n[0.2.1-1.git3d0100b]\n- Release 0.2.1\n[0.2-3.git3d0100b]\n- Add dep for atomic-registries\n[0.2-2.git3d0100b]\n- Add more 64bit arches\n- Add containernetworking-cni dependancy\n- Add iptables dependancy\n[0-2.1.git3d0100]\n- Release 0.2\n[0-0.3.git367213a]\n- Resolves: #1541554 - first official build\n- built commit 367213a\n[0-0.2.git0387f69]\n- built commit 0387f69\n[0-0.1.gitc1b2278]\n- First package for Fedora\npython-podman-api\n[1.2.0-0.2.gitd0a45fe]\n- revert update to 1.6.0 due to new python3-pbr dependency which\n is not in RHEL\n- Related: RHELPLAN-25138\n[1.2.0-0.1.gitd0a45fe]\n- Initial package\nrunc\n[1.0.0-64.rc9]\n- use no_openssl in BUILDTAGS (no vendored crypto in runc)\n- Related: RHELPLAN-25138\n[1.0.0-63.rc9]\n- be sure to use golang >= 1.12.12-4\n- Related: RHELPLAN-25138\n[1.0.0-62.rc9]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Related: RHELPLAN-25138\n[1.0.0-61.rc9]\n- update to runc 1.0.0-rc9 release\n- amend golang deps\n- fixes CVE-2019-16884\n[1.0.0-60.rc8]\n- Resolves: #1721247 - enable fips mode\n[1.0.0-59.rc8]\n- Resolves: #1720654 - rebase to v1.0.0-rc8\n[1.0.0-57.rc5.dev.git2abd837]\n- Resolves: #1693424 - podman rootless: cannot specify gid= mount options\n[1.0.0-56.rc5.dev.git2abd837]\n- change-default-root patch not needed as there's no docker on rhel8\n[1.0.0-55.rc5.dev.git2abd837]\n- Resolves: CVE-2019-5736\n[1.0.0-54.rc5.dev.git2abd837]\n- re-enable debuginfo\n[1.0.0-53.rc5.dev.git2abd837]\n- go toolset not in scl anymore\n[1.0.0-52.rc5.dev.git2abd837]\n- rebase\n[2:1.0.0-51.dev.gitfdd8055]\n- Fix handling of tmpcopyup\n[2:1.0.0-49.rc5.dev.gitb4e2ecb]\n- %gobuild uses no_openssl\n- remove unused devel and unit-test subpackages\n[2:1.0.0-48.rc5.dev.gitad0f525]\n- build with %gobuild\n- exlude i686 temporarily because of go-toolset issues\n[1.0.0-47.dev.gitb4e2ecb]\n- Rebuild with fixed binutils\n[2:1.0.0-46.dev.gitb4e2ecb]\n- Add patch https://github.com/opencontainers/runc/pull/1807 to allow\n- runc and podman to work with sd_notify\n[2:1.0.0-40.rc5.dev.gitad0f525]\n- Remove sysclt handling, not needed in RHEL8\n- Make sure package built with seccomp flags\n- Remove rectty\n- Add completions\n[2:1.0.0-36.rc5.dev.gitad0f525]\n- Better handling of user namespace\n[2:1.0.0-31.rc5.git0cbfd83]\n- Fix issues between SELinux and UserNamespace\n[1.0.0-27.rc5.dev.git4bb1fe4]\n- rebuilt, placed missing changelog entry back\n[2:1.0.0-26.rc5.git4bb1fe4]\n- release v1.0.0~rc5\n[1.0.0-26.rc4.git9f9c962]\n- Bump to the latest from upstream\n[1.0.0-25.rc4.gite6516b3]\n- built commit e6516b3\n[1.0.0-24.rc4.dev.gitc6e4a1e.1]\n- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f\n- https://github.com/opencontainers/runc/pull/1651\n[1.0.0-23.rc4.git1d3ab6d]\n- Resolves: #1524654\n[1.0.0-22.rc4.git1d3ab6d]\n- Many Stability fixes\n- Many fixes for rootless containers\n- Many fixes for static builds\n[1.0.0-21.rc4.dev.gitaea4f21]\n- enable debuginfo and include -buildmode=pie for go build\n[1.0.0-20.rc4.dev.gitaea4f21]\n- use Makefile\n[1.0.0-19.rc4.dev.gitaea4f21]\n- disable debuginfo temporarily\n[1.0.0-18.rc4.dev.gitaea4f21]\n- enable debuginfo\n[1.0.0-17.rc4.gitaea4f21]\n- Add container-selinux prerequires to make sure runc is labeled correctly\n[1.0.0-16.rc4.dev.gitaea4f21]\n- correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD\n[1.0.0-15.rc4dev.gitaea4f21]\n- Use the same checkout as Fedora for lates CRI-O\n[1.0.0-14.rc4dev.git84a082b]\n- rebase to 84a082bfef6f932de921437815355186db37aeb1\n[1.0.0-13.rc3.gitd40db12]\n- Resolves: #1479489\n- built commit d40db12\n[1.0.0-12.1.gitf8ce01d]\n- disable s390x temporarily because of indefinite wait times on brew\n[1.0.0-11.1.gitf8ce01d]\n- correct previous bogus date :\n[1.0.0-10.1.gitf8ce01d]\n- Resolves: #1441737 - run sysctl_apply for sysctl knob\n[1.0.0-9.1.gitf8ce01d]\n- Resolves: #1447078 - change default root path\n- add commit e800860 from runc @projectatomic/change-root-path\n[1.0.0-8.1.gitf8ce01d]\n- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts\n[1.0.0-7.1.gitf8ce01d]\n- Resolves: #1429675\n- built @opencontainers/master commit f8ce01d\n[1.0.0-4.1.gitee992e5]\n- built @projectatomic/master commit ee992e5\n[1.0.0-3.rc2]\n- Resolves: #1426674\n- built projectatomic/runc_rhel_7 commit 5d93f81\n[1.0.0-2.rc2]\n- Resolves: #1419702 - rebase to latest upstream master\n- built commit b263a43\n[1.0.0-1.rc2]\n- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,\nrunc patch from Michael Crosby \n[0.1.1-6]\n- Resolves: #1373980 - rebuild for 7.3.0\n[0.1.1-5]\n- build with golang >= 1.6.2\n[0.1.1-4]\n- release tags were inconsistent in the previous build\n[0.1.1-1]\n- Resolves: #1341267 - rebase runc to v0.1.1\n[0.1.0-3]\n- add selinux build tag\n- add BR: libseccomp-devel\n[0.1.0-2]\n- Resolves: #1328970 - add seccomp buildtag\n[0.1.0-1]\n- Resolves: rhbz#1328616 - rebase to v0.1.0\n[0.0.8-1.git4155b68]\n- Resolves: rhbz#1277245 - bump to 0.0.8\n- Resolves: rhbz#1302363 - criu is a runtime dep\n- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps\n- manpages included\n[1:0.0.5-0.1.git97bc9a7]\n- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2\n[0.2-0.2.git90e6d37]\n- First package for Fedora\n resolves: #1255179\nskopeo\n[0.1.40-8.0.1]\n- Add oracle registry into the conf file [Orabug: 29845934]\n- Fix oracle registry login issues [Orabug: 29937192]\n[1:0.1.40-8]\n- change the search order of registries and remove quay.io (#1784267)\n[1:0.1.40-7]\n- compile in FIPS mode\n- Related: RHELPLAN-25138\n[1:0.1.40-6]\n- be sure to use golang >= 1.12.12-4\n- Related: RHELPLAN-25138\n[1:0.1.40-5]\n- fix file list\n- Related: RHELPLAN-25138\n[1:0.1.40-4]\n- add missing source files to git\n- Related: RHELPLAN-25138\n[1:0.1.40-3]\n- rebuild because of CVE-2019-9512 and CVE-2019-9514\n- Related: RHELPLAN-25138\n[1:0.1.40-2]\n- comment out mountopt option in order to fix gating tests\n see bug 1769769\n[1:0.1.40-1]\n- update to 0.1.40\n[1:0.1.37-5]\n- Fix CVE-2019-10214 (#1734651).\n[1:0.1.37-4]\n- fix permissions of rhel/secrets\n Resolves: #1691543\n[1:0.1.37-3]\n- Resolves: #1719994 - add registry.access.redhat.com to registries.conf\n[1:0.1.37-2]\n- Resolves: #1721247 - enable fips mode\n[1:0.1.37-1]\n- Resolves: #1720654 - rebase to v0.1.37\n[1:0.1.36-1.git6307635]\n- built upstream tag v0.1.36, including system tests\n[1:0.1.32-4.git1715c90]\n- Fixes @openshift/machine-config-operator#669\n- install /etc/containers/oci/hooks.d and /etc/containers/certs.d\n[1:0.1.32-3.git1715c90]\n- rebase\n[1:0.1.32-2.git1715c90]\n- re-enable debuginfo\n[1:0.1.31-12.gitb0b750d]\n- go tools not in scl anymore\n[1:0.1.31-11.gitb0b750d]\n- Resolves: #1615609\n- built upstream tag v0.1.31\n[1:0.1.31-10.git0144aa8]\n- Resolves: #1616069 - correct order of registries\n[1:0.1.31-9.git0144aa8]\n- Resolves: #1615609 - rebuild with gobuild tag 'no_openssl'\n[1:0.1.31-8.git0144aa8]\n- Resolves: #1614934 - containers-common soft dep on slirp4netns and\nfuse-overlayfs\n[1:0.1.31-7.git0144aa8]\n- build with %gobuild\n- use scl-ized go-toolset as dep\n- disable i686 builds temporarily because of go-toolset issues\n[1:0.1.31-6.git0144aa8]\n- add statx to seccomp.json to containers-config\n- add seccomp.json to containers-config\n[1:0.1.31-4.git0144aa8]\n- Resolves: #1597629 - handle dependency issue for skopeo-containers\n- rename skopeo-containers to containers-common as in Fedora\n[1:0.1.31-3.git0144aa8]\n- Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs\nbuildtag\n[1:0.1.31-2.git0144aa8]\n- correct bz in previous changelog\n[1:0.1.31-1.git0144aa8]\n- Resolves: #1580938 - resolve FTBFS\n- Resolves: #1583762 - remove dependency on btrfs-progs-devel\n- bump to v0.1.31 (from master)\n- built commit ca3bff6\n- use go-toolset deps for rhel8\n[0.1.29-5.git7add6fc]\n- Fix small typo in registries.conf\n[0.1.29-4.git]\n- Add policy.json.5\n[0.1.29-3.git]\n- Add registries.conf\n[0.1.29-2.git]\n- Add registries.conf man page\n[0.1.29-1.git]\n- bump to 0.1.29-1\n- Updated containers/image\n docker-archive generates docker legacy compatible images\n Do not create subdirectories for layers with no configs\n Ensure the layer IDs in legacy docker/tarfile metadata are unique\n docker-archive: repeated layers are symlinked in the tar file\n sysregistries: remove all trailing slashes\n Improve docker/* error messages\n Fix failure to make auth directory\n Create a new slice in Schema1.UpdateLayerInfos\n Drop unused storageImageDestination.{image,systemContext}\n Load a *storage.Image only once in storageImageSource\n Support gzip for docker-archive files\n Remove .tar extension from blob and config file names\n ostree, src: support copy of compressed layers\n ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size\n image: fix docker schema v1 -> OCI conversion\n Add /etc/containers/certs.d as default certs directory\n[0.1.28-2.git0270e56]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild\n[0.1.28-1.git]\n- Vendor in fixed libraries in containers/image and containers/storage\n[0.1.27-1.git]\n- Fix Conflicts to Obsoletes\n- Add better docs to man pages.\n- Use credentials from authfile for skopeo commands\n- Support storage='' in /etc/containers/storage.conf\n- Add global --override-arch and --override-os options\n[0.1.25-2.git2e8377a7]\n- Add manifest type conversion to skopeo copy\n- User can select from 3 manifest types: oci, v2s1, or v2s2\n- e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory\n[0.1.25-2.git7fd6f66b]\n- Force storage.conf to default to overlay\n[0.1.25-1.git7fd6f66b]\n- Fix CVE in tar-split\n- copy: add shared blob directory support for OCI sources/destinations\n- Aligning Docker version between containers/image and skopeo\n- Update image-tools, and remove the duplicate Sirupsen/logrus vendor\n- makefile: use -buildmode=pie\n[0.1.24-8.git28d4e08a]\n- Add /usr/share/containers/mounts.conf\n[0.1.24-7.git28d4e08a]\n- Bug fixes\n- Update to release\n[0.1.24-6.dev.git28d4e08]\n- skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31\n[0.1.24-5.dev.git28d4e08]\n- Add rhel subscription secrets data to skopeo-containers\n[0.1.24-4.dev.git28d4e08]\n- Update container/storage.conf and containers-storage.conf man page\n- Default override to true so it is consistent with RHEL.\n[0.1.24-3.dev.git28d4e08]\n- built commit 28d4e08\n[0.1.24-2.dev.git875dd2e]\n- built commit 875dd2e\n- Resolves: gh#416\n[0.1.24-1.dev.gita41cd0]\n- bump to 0.1.24-dev\n- correct a prior bogus date\n- fix macro in comment warning\n[0.1.23-6.dev.git1bbd87]\n- Change name of storage.conf.5 man page to containers-storage.conf.5, since\nit conflicts with inn package\n- Also remove default to 'overalay' in the configuration, since we should\n- allow containers storage to pick the best default for the platform.\n[0.1.23-5.git1bbd87f]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[0.1.23-4.git1bbd87f]\n- Rebuild with binutils fix for ppc64le (#1475636)\n[0.1.23-3.git1bbd87f]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[0.1.23-2.dev.git1bbd87]\n- Fix storage.conf man page to be storage.conf.5.gz so that it works.\n[0.1.23-1.dev.git1bbd87]\n- Support for OCI V1.0 Images\n- Update to image-spec v1.0.0 and revendor\n- Fixes for authentication\n[0.1.22-2.dev.git5d24b67]\n- Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1\n[0.1.22-1.dev.git5d24b67]\n- Give more useful help when explaining usage\n- Also specify container-storage as a valid transport\n- Remove docker reference wherever possible\n- vendor in ostree fixes\n[0.1.21-1.dev.git0b73154]\n- Add support for storage.conf and storage-config.5.md from github container storage package\n- Bump to the latest version of skopeo\n- vendor.conf: add ostree-go\n- it is used by containers/image for pulling images to the OSTree storage.\n- fail early when image os does not match host os\n- Improve documentation on what to do with containers/image failures in test-skopeo\n- We now have the docker-archive: transport\n- Integration tests with built registries also exist\n- Support /etc/docker/certs.d\n- update image-spec to v1.0.0-rc6\n[0.1.20-1.dev.git0224d8c]\n- BZ #1380078 - New release\n[0.1.19-2.dev.git0224d8c]\n- No golang support for ppc64. Adding exclude arch. BZ #1445490\n[0.1.19-1.dev.git0224d8c]\n- bump to v0.1.19-dev\n- built commit 0224d8c\n[0.1.17-3.dev.git2b3af4a]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[0.1.17-2.dev.git2b3af4a]\n- Rebuild for gpgme 1.18\n[0.1.17-1.dev.git2b3af4a]\n- bump to 0.1.17-dev\n[0.1.14-6.git550a480]\n- Fix BZ#1391932\n[0.1.14-5.git550a480]\n- Conflicts with atomic in skopeo-containers\n[0.1.14-4.git550a480]\n- built skopeo-containers\n[0.1.14-3.gitd830391]\n- built mtrmac/integrate-all-the-things commit d830391\n[0.1.14-2.git362bfc5]\n- built commit 362bfc5\n[0.1.14-1.gitffe92ed]\n- build origin/master commit ffe92ed\n[0.1.13-6]\n- https://fedoraproject.org/wiki/Changes/golang1.7\n[0.1.13-5]\n- include go-srpm-macros and compiler(go-compiler) in fedora conditionals\n- define %gobuild if not already\n- add patch to build with older version of golang\n[0.1.13-4]\n- update to v0.1.12\n[0.1.12-3]\n- fix go build source path\n[0.1.12-2]\n- update to v0.1.12\n[0.1.11-1]\n- update to v0.1.11\n[0.1.10-1]\n- update to v0.1.10\n- change runcom -> projectatomic\n[0.1.9-1]\n- update to v0.1.9\n[0.1.8-1]\n- update to v0.1.8\n[0.1.4-2]\n- https://fedoraproject.org/wiki/Changes/golang1.6\n[0.1.4]\n- First package for Fedora\nslirp4netns\n[0.4.2-2.git21fdece]\n- Fix CVE-2020-7039.\n- Related: RHELPLAN-25138\n[0.4.2-1.git21fdece]\n- update to latest 0.4.2, fixes bug 1763454\n- Related: RHELPLAN-25138\n[0.4.0-2]\n- add new BR: libseccomp-devel\n[0.4.0-1]\n- update to v.0.4.0\n- sync with fedora spec\n- drop applied CVE-2019-14378 patch\n[0.3.0-4]\n- Fix CVE-2019-14378 (#1755595).\n[0.3.0-3]\n- Resolves: #1683217 - BR: glib2-devel\n[0.3.0-2]\n- Resolves: #1683217 - bump slirp4netns to v0.3.0\n[0.3.0-1.alpha.2.git30883b5]\n- bump to v0.3.0-alpha.2\n[0.1-2.dev.gitc4e1bc5]\n- changed summary\n[0.1-1.dev.gitc4e1bc5]\n- First package for RHEL 8\n- import from Fedora rawhide\n- Exclude ix86 and ppc64\ntoolbox\n[0.0.4-1.el8]\n- Update for rhel8.1 container-tools module\n[0.0.4-1.rhaos4.2.el8]\n- Add help switch per RHBZ#1684258\n- Spec fixes found by rpmlint\n[0.0.3-1.rhaos4.1.el8]\n- Use rhel8/support-tools\n[0.0.2-1.rhaos4.1.el8]\n- Add runlabel options and fix default image\n[0.0.1-1.rhaos4.1.el8]\n- Initial Specfile for Red Hat CoreOS Toolbox\nudica\n[0.2.1-2]\n- initial import to container-tools 8.2.0\n- Related: RHELPLAN-25139\n[0.2.1-1]\n- New rebase https://github.com/containers/udica/releases/tag/v0.2.0\nResolves: rhbz#1757693\n[0.2.0-1]\n- New rebase https://github.com/containers/udica/releases/tag/v0.2.0\nResolves: rhbz#1757693", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-17T00:00:00", "type": "oraclelinux", "title": "container-tools:ol8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9962", "CVE-2019-10214", "CVE-2019-14378", "CVE-2019-16884", "CVE-2019-18466", "CVE-2019-5736", "CVE-2019-9512", "CVE-2019-9514", "CVE-2020-7039"], "modified": "2020-02-17T00:00:00", "id": "ELSA-2020-0348", "href": "http://linux.oracle.com/errata/ELSA-2020-0348.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:34", "description": "[15:4.2.1-4.el7]\n- Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723}\n- hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}\n- i386: Add 2nd Generation AMD EPYC processors (Moger, Babu) [Orabug: 32217570]\n- libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}\n- Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} {CVE-2020-25625}\n- pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]\n- ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}\n- Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]\n- Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda) \n- migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng) \n- migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng) \n- migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng) \n- migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng) \n- migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng) \n- migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng) \n- migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng) \n- migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng) \n- migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng) \n- migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng) \n- migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng) \n- migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng) \n- migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng) \n- migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng) \n- ram_addr: Split RAMBlock definition (Juan Quintela)\n[15:4.2.1-3.el7]\n- qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789]\n- qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763]\n- hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}\n- hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}\n- hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}\n- hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}\n- qemu.spec: Enable '-Werror' for OL7 builds (Mark Kanda) [Orabug: 31922718]\n- usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}\n- Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}\n[15:4.2.1-2.el7]\n- hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}\n- hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}\n- migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256]\n- virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255]\n- pvpanic: implement crashloaded event handling (Zhenwei Pi) [Orabug: 31677154]\n- pvpanic: introduce crashloaded for pvpanic (Zhenwei Pi) [Orabug: 31677154]\n[15:4.2.1-1.el7]\n- hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}\n- hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336]\n- hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}\n- hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336]\n- hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336]\n- libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}\n- Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}\n- Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}\n- qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035]\n- qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035]\n- qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035]\n- vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035]\n- parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035]\n- virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035]\n- qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035]\n- qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035]\n- bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035]\n- kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035]\n- 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035]\n- exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}\n- megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}\n- memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}\n[15:4.1.1-3.el7]\n- buildrpm/spec files: Dont package elf2dmp (Karl Heubaum) [Orabug: 31657424]\n- qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424]\n- qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424]\n[15:4.1.1-2.el7]\n- Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}\n- kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399]\n- kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399]\n- target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710]\n- target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710]\n- ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}\n- es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}\n- ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}\n- libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}\n- Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}\n- libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}\n- target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041]\n- qemu-img: Add --target-is-zero to convert (David Edmondson) \n- vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}\n- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}\n- qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047]\n[15:4.1.1-1.el7]\n- qemu-submodule-init: Add Git submodule init script", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.8}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10806", "CVE-2017-11334", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-13711", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15119", "CVE-2017-15124", "CVE-2017-15268", "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-17381", "CVE-2017-18030", "CVE-2017-18043", "CVE-2017-2630", "CVE-2017-2633", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5931", "CVE-2017-6058", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9503", "CVE-2017-9524", "CVE-2018-10839", "CVE-2018-11806", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-12617", "CVE-2018-15746", "CVE-2018-16847", "CVE-2018-16867", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-17962", "CVE-2018-17963", "CVE-2018-18849", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20123", "CVE-2018-20124", "CVE-2018-20125", "CVE-2018-20126", "CVE-2018-20191", "CVE-2018-20216", "CVE-2018-20815", "CVE-2018-3639", "CVE-2018-5683", "CVE-2018-7550", "CVE-2018-7858", "CVE-2019-11091", "CVE-2019-12068", "CVE-2019-12155", "CVE-2019-14378", "CVE-2019-15034", "CVE-2019-15890", "CVE-2019-20382", "CVE-2019-3812", "CVE-2019-5008", "CVE-2019-6501", "CVE-2019-6778", "CVE-2019-8934", "CVE-2019-9824", "CVE-2020-10702", "CVE-2020-10756", "CVE-2020-10761", "CVE-2020-11102", "CVE-2020-11869", "CVE-2020-12829", "CVE-2020-13253", "CVE-2020-13361", "CVE-2020-13362", "CVE-2020-13659", "CVE-2020-13754", "CVE-2020-13765", "CVE-2020-13791", "CVE-2020-13800", "CVE-2020-14364", "CVE-2020-14415", "CVE-2020-15863", "CVE-2020-16092", "CVE-2020-1711", "CVE-2020-1983", "CVE-2020-25084", "CVE-2020-25624", "CVE-2020-25625", "CVE-2020-25723", "CVE-2020-27616", "CVE-2020-28916", "CVE-2020-29129", "CVE-2020-29130", "CVE-2020-8608"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9034", "href": "http://linux.oracle.com/errata/ELSA-2021-9034.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:38:00", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-07T12:47:56", "type": "redhat", "title": "(RHSA-2019:3787) Important: qemu-kvm-rhev security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378"], "modified": "2019-11-07T12:57:37", "id": "RHSA-2019:3787", "href": "https://access.redhat.com/errata/RHSA-2019:3787", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:35:55", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* ccid: Fix incorrect dwProtocol advertisement of T=0 (BZ#1729880)\n\n* QEMU gets stuck on resume/cont call from libvirt (BZ#1741937)\n\n* [v2v] Migration performance regression (BZ#1743322)\n\n* qemu, qemu-img fail to detect alignment with XFS and Gluster/XFS on 4k block device (BZ#1745443)\n\n* qemu-kvm: backport cpuidle-haltpoll support (BZ#1746282)\n\n* qemu aborts in blockCommit: qemu-kvm: block.c:3486 (BZ#1750322)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-22T15:12:07", "type": "redhat", "title": "(RHSA-2019:3179) Important: qemu-kvm-rhev security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378"], "modified": "2019-10-23T08:37:37", "id": "RHSA-2019:3179", "href": "https://access.redhat.com/errata/RHSA-2019:3179", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:31", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-06T15:01:04", "type": "redhat", "title": "(RHSA-2019:3742) Important: qemu-kvm-rhev security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378"], "modified": "2019-11-06T15:05:21", "id": "RHSA-2019:3742", "href": "https://access.redhat.com/errata/RHSA-2019:3742", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:48", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* After host update, older windows clients have large time drift (BZ#1639098)\n\n* [v2v] Migration performance regression (BZ#1648622)\n\n* Live storage migration fails with: TimeoutError: Timed out during operation: cannot acquire state change lock (held by monitor=remoteDispatchConnectGetAllDomainStats) and the VM becomes 'Not Responding' (BZ#1665256)\n\n* QEMU gets stuck on resume/cont call from libvirt (BZ#1673546)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm-rhev (BZ#1709972)\n\n* qemu aborts in blockCommit: qemu-kvm: block.c:3486: bdrv_replace_node: Assertion `!({ _Static_assert(!(sizeof(*&from->in_flight) > 8), \"not expecting: \" \"sizeof(*&from->in_flight) > ATOMIC_REG_SIZE\"); __atomic_load_n(&from->in_flight, 0); })' failed. (BZ#1711643)\n\n* ccid: Fix incorrect dwProtocol advertisement of T=0 (BZ#1721522)\n\n* Fail to migrate a rhel6.10-mt7.6 guest with dimm device (BZ#1724048)\n\n* qemu-kvm: backport cpuidle-haltpoll support (BZ#1734502)\n\n* qemu, qemu-img fail to detect alignment with XFS and Gluster/XFS on 4k block device (BZ#1743365)\n\n* ISST-LTE:RHV4.3 on RHEL7.6 kvm host:Power8:Tuleta-L:lotg7: call traces dumped on guest while performing guest migration (qemu-kvm-rhev) (BZ#1743508)\n\n* qemu coredump: qemu-kvm: block/create.c:68: qmp_blockdev_create: Assertion `drv' failed (BZ#1746224)\n\n* [Data plane]virtio_scsi_ctx_check: Assertion `blk_get_aio_context(d->conf.blk) == s->ctx' failed when unplug a device that running block stream on it (BZ#1764120)\n\n* qemu-kvm crashes when Windows VM is migrated with multiqueue (BZ#1775251)\n\nEnhancement(s):\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm-rhev (BZ#1716726)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-31T14:08:10", "type": "redhat", "title": "(RHSA-2020:1216) Important: qemu-kvm-rhev security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378", "CVE-2020-1711"], "modified": "2020-03-31T14:19:44", "id": "RHSA-2020:1216", "href": "https://access.redhat.com/errata/RHSA-2020:1216", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:35:42", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-09-03T13:20:18", "type": "redhat", "title": "(RHSA-2019:2607) Low: qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155"], "modified": "2019-09-03T15:40:31", "id": "RHSA-2019:2607", "href": "https://access.redhat.com/errata/RHSA-2019:2607", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:40:26", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-26T10:36:41", "type": "redhat", "title": "(RHSA-2019:3968) Important: qemu-kvm-ma security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378"], "modified": "2019-11-26T13:06:10", "id": "RHSA-2019:3968", "href": "https://access.redhat.com/errata/RHSA-2019:3968", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:31", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-11T20:37:04", "type": "redhat", "title": "(RHSA-2020:2065) Important: qemu-kvm-ma security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378"], "modified": "2020-05-11T20:53:35", "id": "RHSA-2020:2065", "href": "https://access.redhat.com/errata/RHSA-2020:2065", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:25", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-13T06:59:16", "type": "redhat", "title": "(RHSA-2020:2126) Important: qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378"], "modified": "2020-05-13T07:13:43", "id": "RHSA-2020:2126", "href": "https://access.redhat.com/errata/RHSA-2020:2126", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:24", "description": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-05T17:52:13", "type": "redhat", "title": "(RHSA-2019:3494) Important: container-tools:1.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2019-11-05T19:46:27", "id": "RHSA-2019:3494", "href": "https://access.redhat.com/errata/RHSA-2019:3494", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:43", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s):\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-04T17:46:54", "type": "redhat", "title": "(RHSA-2020:0366) Important: qemu-kvm security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-04T18:17:25", "id": "RHSA-2020:0366", "href": "https://access.redhat.com/errata/RHSA-2020:0366", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:50", "description": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)\n\n* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-05T17:33:34", "type": "redhat", "title": "(RHSA-2019:3345) Low: virt:rhel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12155", "CVE-2019-9755", "CVE-2019-9824"], "modified": "2019-11-05T19:47:18", "id": "RHSA-2019:3345", "href": "https://access.redhat.com/errata/RHSA-2019:3345", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:38:39", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)\n\n* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-10T11:01:33", "type": "redhat", "title": "(RHSA-2020:0775) Important: qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2019-15890", "CVE-2020-7039"], "modified": "2020-03-10T11:13:24", "id": "RHSA-2020:0775", "href": "https://access.redhat.com/errata/RHSA-2020:0775", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:55", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages\n\n* CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()\n\n* CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly\n\nThis update fixes the following bug:\n\n* BZ 1804577 Backport: Passthrough host CPU microcode version to KVM guest if using CPU passthrough to RHEL 7.7/7.8 [rhel-7.6.z] \n\nUsers of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-06-01T06:30:12", "type": "redhat", "title": "(RHSA-2020:2342) Important: qemu-kvm-rhev bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2020-7039", "CVE-2020-8608"], "modified": "2020-06-01T06:36:29", "id": "RHSA-2020:2342", "href": "https://access.redhat.com/errata/RHSA-2020:2342", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:35:38", "description": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-05T17:41:57", "type": "redhat", "title": "(RHSA-2019:3403) Important: container-tools:rhel8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378", "CVE-2019-9946"], "modified": "2021-02-02T08:06:31", "id": "RHSA-2019:3403", "href": "https://access.redhat.com/errata/RHSA-2019:3403", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:22", "description": "The slirp4netns package contains user-mode networking for unprivileged network namespaces. It is required to enable networking for rootless containers.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)\n\n* CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages\n\n* CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-17T17:40:28", "type": "redhat", "title": "(RHSA-2020:0889) Important: slirp4netns security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14378", "CVE-2019-15890", "CVE-2020-7039", "CVE-2020-8608"], "modified": "2020-03-17T17:48:43", "id": "RHSA-2020:0889", "href": "https://access.redhat.com/errata/RHSA-2020:0889", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:36:28", "description": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)\n\n* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)\n\n* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)\n\n* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)\n\n* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-09-24T12:48:33", "type": "redhat", "title": "(RHSA-2019:2892) Important: qemu-kvm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10839", "CVE-2018-11806", "CVE-2018-17962", "CVE-2019-12155", "CVE-2019-6778"], "modified": "2019-09-24T13:08:59", "id": "RHSA-2019:2892", "href": "https://access.redhat.com/errata/RHSA-2019:2892", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-09-01T00:28:11", "description": "An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* ccid: Fix incorrect dwProtocol advertisement of T=0 (BZ#1729880)\n\n* QEMU gets stuck on resume/cont call from libvirt (BZ#1741937)\n\n* [v2v] Migration performance regression (BZ#1743322)\n\n* qemu, qemu-img fail to detect alignment with XFS and Gluster/XFS on 4k block device (BZ#1745443)\n\n* qemu-kvm: backport cpuidle-haltpoll support (BZ#1746282)\n\n* qemu aborts in blockCommit: qemu-kvm: block.c:3486 (BZ#1750322)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-24T00:00:00", "type": "nessus", "title": "RHEL 7 : Virtualization Manager (RHSA-2019:3179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3179.NASL", "href": "https://www.tenable.com/plugins/nessus/130188", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3179. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130188);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3179\");\n\n script_name(english:\"RHEL 7 : Virtualization Manager (RHSA-2019:3179)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-rhev is now available for Red Hat\nVirtualization 4 for Red Hat Enterprise Linux 7 and Red Hat\nVirtualization Engine 4.3.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-rhev packages\nprovide the user-space component for running virtual machines that use\nKVM in environments managed by Red Hat products.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* ccid: Fix incorrect dwProtocol advertisement of T=0 (BZ#1729880)\n\n* QEMU gets stuck on resume/cont call from libvirt (BZ#1741937)\n\n* [v2v] Migration performance regression (BZ#1743322)\n\n* qemu, qemu-img fail to detect alignment with XFS and Gluster/XFS on\n4k block device (BZ#1745443)\n\n* qemu-kvm: backport cpuidle-haltpoll support (BZ#1746282)\n\n* qemu aborts in blockCommit: qemu-kvm: block.c:3486 (BZ#1750322)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3179\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.12.0-33.el7_7.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.12.0-33.el7_7.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.12.0-33.el7_7.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.12.0-33.el7_7.4\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.12.0-33.el7_7.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:35:54", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2019:2221-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2221-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128301", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2221-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128301);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2019:2221-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192221-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b72be2e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2221=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2221=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-debugsource-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-kvm-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-lang-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-2.3.1-33.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-debuginfo-2.3.1-33.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:37:01", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements :\n\n - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764)\n\n - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796)\n\n - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025).\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\n - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : qemu (openSUSE-2019-2059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster", "p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2059.NASL", "href": "https://www.tenable.com/plugins/nessus/128465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2059.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128465);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-2059)\");\n script_summary(english:\"Check for the openSUSE-2019-2059 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in\n ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer\n dereference while releasing spice resources\n (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL\n can be bypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements :\n\n - Add vcpu features needed for Cascadelake-Server,\n Icelake-Client and Icelake-Server, especially the\n foundational arch-capabilities to help with security and\n performance on Intel hosts (bsc#1134883) (fate#327764)\n\n - Add support for one more security/performance related\n vcpu feature (bsc#1136778) (fate#327796)\n\n - Disable file locking in the Xen PV disk backend to avoid\n locking issues with PV domUs during migration. The\n issues triggered by the locking can not be properly\n handled in libxl. The locking introduced in qemu-2.10\n was removed again in qemu-4.0 (bsc#1079730, bsc#1098403,\n bsc#1111025).\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\n - Fix vm migration is failing with input/output error when\n nfs server is disconnected (bsc#1119115)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327796\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-arm-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-curl-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-dmg-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-gluster-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-iscsi-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-rbd-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-block-ssh-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-debugsource-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-extra-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-guest-agent-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ipxe-1.0.0+-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ksm-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-kvm-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-lang-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ppc-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-s390-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-seabios-1.11.0-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-sgabios-8-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-tools-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-vgabios-1.11.0-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-2.11.2-lp150.7.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-x86-debuginfo-2.11.2-lp150.7.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu / qemu-arm / qemu-arm-debuginfo / qemu-block-curl / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:28:17", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764).\n\nAdd support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795).\n\nDisable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025).\n\nIgnore csske for expanding the cpu model (bsc#1136528).\n\nProvide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130).\n\nFixed virsh migrate-setspeed (bsc#1127077, bsc#1141043).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2353-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2353-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128753);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2353-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements: Add vcpu features needed for\nCascadelake-Server, Icelake-Client and Icelake-Server, especially the\nfoundational arch-capabilities to help with security and performance\non Intel hosts (bsc#1134880) (fate#327764).\n\nAdd support for one more security/performance related vcpu feature\n(bsc#1136777) (fate#327795).\n\nDisable file locking in the Xen PV disk backend to avoid locking\nissues with PV domUs during migration. The issues triggered by the\nlocking can not be properly handled in libxl. The locking introduced\nin qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403,\nbsc#1111025).\n\nIgnore csske for expanding the cpu model (bsc#1136528).\n\nProvide qcow2 L2 caching improvements, which allows for better storage\nperformance in certain configurations (bsc#1139926, ECO-130).\n\nFixed virsh migrate-setspeed (bsc#1127077, bsc#1141043).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192353-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0965071\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2353=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2353=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"qemu-s390-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-curl-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-curl-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-iscsi-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-ssh-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-block-ssh-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-debugsource-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-guest-agent-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-guest-agent-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-kvm-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-lang-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-tools-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qemu-tools-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-kvm-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-tools-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.11.2-5.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-5.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-09-21T16:29:14", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14151-1 advisory.\n\n - interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.\n (CVE-2019-12155)\n\n - qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.\n (CVE-2019-13164)\n\n - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kvm (SUSE-SU-2019:14151-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2022-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kvm", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14151-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150648", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14151-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150648);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14151-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : kvm (SUSE-SU-2019:14151-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14151-1 advisory.\n\n - interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.\n (CVE-2019-12155)\n\n - qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from\n bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.\n (CVE-2019-13164)\n\n - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it\n mishandles a case involving the first fragment. (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1135902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143794\");\n # https://lists.suse.com/pipermail/sle-security-updates/2019-August/005835.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ce922f7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'kvm-1.4.2-60.27', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'kvm-1.4.2-60.27', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kvm');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-14T00:24:05", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1216 advisory.\n\n - QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-31T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2020:1216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-14378", "CVE-2020-1711"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev"], "id": "REDHAT-RHSA-2020-1216.NASL", "href": "https://www.tenable.com/plugins/nessus/135033", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1216. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135033);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-14378\", \"CVE-2020-1711\");\n script_bugtraq_id(108429);\n script_xref(name:\"RHSA\", value:\"2020:1216\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2020:1216)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1216 advisory.\n\n - QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1712670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1794290\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_hypervisor': [\n 'rhel-7-server-rhev-mgmt-agent-debug-rpms',\n 'rhel-7-server-rhev-mgmt-agent-els-debug-rpms',\n 'rhel-7-server-rhev-mgmt-agent-els-rpms',\n 'rhel-7-server-rhev-mgmt-agent-els-source-rpms',\n 'rhel-7-server-rhev-mgmt-agent-rpms',\n 'rhel-7-server-rhev-mgmt-agent-source-rpms',\n 'rhel-7-server-rhevh-els-rpms',\n 'rhel-7-server-rhevh-els-source-rpms',\n 'rhel-7-server-rhevh-rpms',\n 'rhel-7-server-rhevh-source-rpms',\n 'rhel-7-server-rhv-4-manager-tools-debug-rpms',\n 'rhel-7-server-rhv-4-manager-tools-rpms',\n 'rhel-7-server-rhv-4-manager-tools-source-rpms',\n 'rhel-7-server-rhv-4-mgmt-agent-debug-rpms',\n 'rhel-7-server-rhv-4-mgmt-agent-rpms',\n 'rhel-7-server-rhv-4-mgmt-agent-source-rpms',\n 'rhel-7-server-rhv-4-tools-debug-rpms',\n 'rhel-7-server-rhv-4-tools-rpms',\n 'rhel-7-server-rhv-4-tools-source-rpms',\n 'rhel-7-server-rhv-4.2-mgmt-agent-eus-debug-rpms',\n 'rhel-7-server-rhv-4.2-mgmt-agent-eus-rpms',\n 'rhel-7-server-rhv-4.2-mgmt-agent-eus-source-rpms',\n 'rhel-7-server-rhv-4.3-mgmt-agent-eus-rpms',\n 'rhel-7-server-rhvh-4-build-debug-rpms',\n 'rhel-7-server-rhvh-4-build-rpms',\n 'rhel-7-server-rhvh-4-build-source-rpms',\n 'rhel-7-server-rhvh-4-debug-rpms',\n 'rhel-7-server-rhvh-4-rpms',\n 'rhel-7-server-rhvh-4-source-rpms',\n 'rhel-7-server-rhvh-4.2-build-eus-rpms',\n 'rhel-7-server-rhvh-4.2-build-eus-source-rpms',\n 'rhel-7-server-rhvh-4.2-eus-debug-rpms',\n 'rhel-7-server-rhvh-4.2-eus-rpms',\n 'rhel-7-server-rhvh-4.2-eus-source-rpms',\n 'rhel-7-server-rhvh-4.3-build-eus-rpms',\n 'rhel-7-server-rhvh-4.3-build-eus-source-rpms',\n 'rhel-7-server-rhvh-4.3-eus-rpms',\n 'rhel-7-server-rhvh-4.3-eus-source-rpms'\n ],\n 'rhev_manager_4': [\n 'rhel-7-server-rhv-4-power-debug-rpms',\n 'rhel-7-server-rhv-4-power-rpms',\n 'rhel-7-server-rhv-4-power-source-rpms',\n 'rhel-7-server-rhv-4.0-debug-rpms',\n 'rhel-7-server-rhv-4.0-manager-debug-rpms',\n 'rhel-7-server-rhv-4.0-manager-rpms',\n 'rhel-7-server-rhv-4.0-manager-source-rpms',\n 'rhel-7-server-rhv-4.0-rpms',\n 'rhel-7-server-rhv-4.0-source-rpms',\n 'rhel-7-server-rhv-4.1-debug-rpms',\n 'rhel-7-server-rhv-4.1-manager-debug-rpms',\n 'rhel-7-server-rhv-4.1-manager-rpms',\n 'rhel-7-server-rhv-4.1-manager-source-rpms',\n 'rhel-7-server-rhv-4.1-rpms',\n 'rhel-7-server-rhv-4.1-source-rpms'\n ],\n 'rhev_manager_4_2': [\n 'rhel-7-server-rhv-4.2-manager-debug-rpms',\n 'rhel-7-server-rhv-4.2-manager-rpms',\n 'rhel-7-server-rhv-4.2-manager-source-rpms'\n ],\n 'rhev_manager_4_3': [\n 'rhel-7-server-rhv-4.3-manager-debug-rpms',\n 'rhel-7-server-rhv-4.3-manager-rpms',\n 'rhel-7-server-rhv-4.3-manager-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'qemu-img-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'redhat-release-virtualization-host-4', 'repo_list':['enterprise_linux_7_hypervisor', 'rhev_manager_4', 'rhev_manager_4_2', 'rhev_manager_4_3']},\n {'reference':'qemu-kvm-common-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'redhat-release-virtualization-host-4', 'repo_list':['enterprise_linux_7_hypervisor', 'rhev_manager_4', 'rhev_manager_4_2', 'rhev_manager_4_3']},\n {'reference':'qemu-kvm-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'redhat-release-virtualization-host-4', 'repo_list':['enterprise_linux_7_hypervisor', 'rhev_manager_4', 'rhev_manager_4_2', 'rhev_manager_4_3']},\n {'reference':'qemu-kvm-tools-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'redhat-release-virtualization-host-4', 'repo_list':['enterprise_linux_7_hypervisor', 'rhev_manager_4', 'rhev_manager_4_2', 'rhev_manager_4_3']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:28:12", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2019:2157-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2157-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2157-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128609);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2019:2157-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192157-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?917bdb3c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2157=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2157=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2157=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2157=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2157=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-debugsource-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-kvm-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-lang-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-2.6.2-41.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-debuginfo-2.6.2-41.55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:34:03", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796)\n\nDisable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025).\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nFix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-dmg", "p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-extra", "p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-linux-user", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2246-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2246-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128318);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nBug fixes and enhancements: Add vcpu features needed for\nCascadelake-Server, Icelake-Client and Icelake-Server, especially the\nfoundational arch-capabilities to help with security and performance\non Intel hosts (bsc#1134883) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature\n(bsc#1136778) (fate#327796)\n\nDisable file locking in the Xen PV disk backend to avoid locking\nissues with PV domUs during migration. The issues triggered by the\nlocking can not be properly handled in libxl. The locking introduced\nin qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403,\nbsc#1111025).\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nFix vm migration is failing with input/output error when nfs server is\ndisconnected (bsc#1119115)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192246-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?901c6416\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-2246=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2246=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2246=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-curl-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-curl-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-dmg-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-iscsi-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-iscsi-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-rbd-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-rbd-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-ssh-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-block-ssh-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-debugsource-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-extra-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-extra-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-guest-agent-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-guest-agent-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-kvm-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-lang-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-debuginfo-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-linux-user-debugsource-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-tools-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-block-dmg-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-block-dmg-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-debugsource-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-extra-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-extra-debuginfo-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-debuginfo-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-linux-user-debugsource-2.11.2-9.28.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-tools-2.11.2-9.28.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"qemu-tools-debuginfo-2.11.2-9.28.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:32:36", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\nCVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031).\n\nBug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883)\n\nAdd SnowRidge-Server vcpu model (jsc#SLE-4883)\n\nAdd in documentation about md-clear feature (bsc#1138534)\n\nFix SEV issue where older machine type is not processed correctly (bsc#1144087)\n\nFix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\nFurther refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796)\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-5008"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-arm", "p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-audio-alsa", "p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-audio-oss", "p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-audio-pa", "p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-dmg", "p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-extra", "p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-linux-user", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource", "p-cpe:/a:novell:suse_linux:qemu-ppc", "p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-testsuite", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ui-curses", "p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-ui-gtk", "p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2192-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2192-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-5008\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-14378: Security fix for heap overflow in ip_reass on big\npacket input (bsc#1143794).\n\nCVE-2019-12155: Security fix for NULL pointer dereference while\nreleasing spice resources (bsc#1135902).\n\nCVE-2019-13164: Security fix for qemu-bridge-helper ACL can be\nbypassed when names are too long (bsc#1140402).\n\nCVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual\nmachine possible through guest device driver (bsc#1133031).\n\nBug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu\nmodel to now be simply Snowridge (jsc#SLE-4883)\n\nAdd SnowRidge-Server vcpu model (jsc#SLE-4883)\n\nAdd in documentation about md-clear feature (bsc#1138534)\n\nFix SEV issue where older machine type is not processed correctly\n(bsc#1144087)\n\nFix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\nFurther refine arch-capabilities handling to help with security and\nperformance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\nAdd support for one more security/performance related vcpu feature\n(bsc#1136778) (fate#327796)\n\nIgnore csske for expanding the cpu model (bsc#1136540)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5008/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192192-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e13d510\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2192=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2192=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2192=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-arm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-arm-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-curl-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-dmg-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-iscsi-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-iscsi-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-rbd-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-rbd-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-ssh-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-block-ssh-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-debugsource-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-extra-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-extra-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-guest-agent-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-kvm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-lang-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-debuginfo-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-linux-user-debugsource-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-ppc-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-ppc-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-testsuite-3.1.1-9.3.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-tools-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"qemu-tools-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-oss-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-audio-pa-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-curses-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-x86-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-arm-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-arm-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-block-dmg-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-debugsource-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-extra-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-extra-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-debuginfo-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-linux-user-debugsource-3.1.1-9.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-ppc-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-ppc-debuginfo-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-testsuite-3.1.1-9.3.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-tools-3.1.1-9.3.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"qemu-tools-debuginfo-3.1.1-9.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:35:30", "description": "This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402).\n\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031).\n\nBug fixes and enhancements :\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883)\n\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n\n - Add in documentation about md-clear feature (bsc#1138534)\n\n - Fix SEV issue where older machine type is not processed correctly (bsc#1144087)\n\n - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)\n\n - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)\n\n - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796)\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : qemu (openSUSE-2019-2041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-5008"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-alsa", "p-cpe:/a:novell:opensuse:qemu-audio-alsa-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-oss", "p-cpe:/a:novell:opensuse:qemu-audio-oss-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-pa", "p-cpe:/a:novell:opensuse:qemu-audio-pa-debuginfo", "p-cpe:/a:novell:opensuse:qemu-audio-sdl", "p-cpe:/a:novell:opensuse:qemu-audio-sdl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-gluster", "p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-nfs", "p-cpe:/a:novell:opensuse:qemu-block-nfs-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ui-curses", "p-cpe:/a:novell:opensuse:qemu-ui-curses-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ui-gtk", "p-cpe:/a:novell:opensuse:qemu-ui-gtk-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ui-sdl", "p-cpe:/a:novell:opensuse:qemu-ui-sdl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2041.NASL", "href": "https://www.tenable.com/plugins/nessus/128457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2041.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128457);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/24 11:01:33\");\n\n script_cve_id(\"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-5008\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2019-2041)\");\n script_summary(english:\"Check for the openSUSE-2019-2041 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-14378: Security fix for heap overflow in\n ip_reass on big packet input (bsc#1143794).\n\n - CVE-2019-12155: Security fix for NULL pointer\n dereference while releasing spice resources\n (bsc#1135902).\n\n - CVE-2019-13164: Security fix for qemu-bridge-helper ACL\n can be bypassed when names are too long (bsc#1140402).\n\n - CVE-2019-5008: Fix DoS (NULL pointer dereference) in\n sparc64 virtual machine possible through guest device\n driver (bsc#1133031).\n\nBug fixes and enhancements :\n\n - Upstream tweaked SnowRidge-Server vcpu model to now be\n simply Snowridge (jsc#SLE-4883)\n\n - Add SnowRidge-Server vcpu model (jsc#SLE-4883)\n\n - Add in documentation about md-clear feature\n (bsc#1138534)\n\n - Fix SEV issue where older machine type is not processed\n correctly (bsc#1144087)\n\n - Fix case of a bad pointer in Xen PV usb support code\n (bsc#1128106)\n\n - Further refine arch-capabilities handling to help with\n security and performance in Intel hosts (bsc#1134883,\n bsc#1135210) (fate#327764)\n\n - Add support for one more security/performance related\n vcpu feature (bsc#1136778) (fate#327796)\n\n - Ignore csske for expanding the cpu model (bsc#1136540)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1143794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327796\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-alsa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-oss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-pa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-audio-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-nfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ui-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-arm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-arm-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-alsa-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-alsa-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-oss-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-oss-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-pa-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-pa-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-sdl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-audio-sdl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-curl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-curl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-dmg-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-dmg-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-gluster-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-gluster-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-iscsi-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-iscsi-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-nfs-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-nfs-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-rbd-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-rbd-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-ssh-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-block-ssh-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-debugsource-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-extra-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-extra-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-guest-agent-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-guest-agent-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ipxe-1.0.0+-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ksm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-kvm-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-lang-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-debuginfo-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-linux-user-debugsource-3.1.1-lp151.7.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ppc-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ppc-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-s390-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-s390-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-seabios-1.12.0-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-sgabios-8-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-testsuite-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-tools-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-tools-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-curses-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-curses-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-gtk-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-gtk-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-sdl-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-ui-sdl-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-vgabios-1.12.0-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-x86-3.1.1-lp151.7.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"qemu-x86-debuginfo-3.1.1-lp151.7.3.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T00:27:23", "description": "It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068)\n\nSergej Schumilo, Cornelius Aschermann and Simon Worner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a NULL pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155)\n\nRiccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164)\n\nIt was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378)\n\nIt was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-14T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : QEMU vulnerabilities (USN-4191-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12068", "CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-15890"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:qemu", "p-cpe:/a:canonical:ubuntu_linux:qemu-kvm", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-common", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-gui", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "p-cpe:/a:canonical:ubuntu_linux:qemu-user-static", "p-cpe:/a:canonical:ubuntu_linux:qemu-utils", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4191-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4191-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131017);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-12068\", \"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-15890\");\n script_xref(name:\"USN\", value:\"4191-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : QEMU vulnerabilities (USN-4191-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the LSI SCSI adapter emulator implementation in\nQEMU did not properly validate executed scripts. A local attacker\ncould use this to cause a denial of service. (CVE-2019-12068)\n\nSergej Schumilo, Cornelius Aschermann and Simon Worner discovered\nthat the qxl paravirtual graphics driver implementation in QEMU\ncontained a NULL pointer dereference. A local attacker in a guest\ncould use this to cause a denial of service. (CVE-2019-12155)\n\nRiccardo Schirone discovered that the QEMU bridge helper did not\nproperly validate network interface names. A local attacker could\npossibly use this to bypass ACL restrictions. (CVE-2019-13164)\n\nIt was discovered that a heap-based buffer overflow existed in the\nSLiRP networking implementation of QEMU. A local attacker in a guest\ncould use this to cause a denial of service or possibly execute\narbitrary code in the host. (CVE-2019-14378)\n\nIt was discovered that a use-after-free vulnerability existed in the\nSLiRP networking implementation of QEMU. A local attacker in a guest\ncould use this to cause a denial of service. (CVE-2019-15890).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4191-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-kvm\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-common\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-user-static\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-utils\", pkgver:\"1:2.5+dfsg-5ubuntu10.42\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-kvm\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-system-common\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-user-static\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"qemu-utils\", pkgver:\"1:2.11+dfsg-1ubuntu7.20\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-kvm\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-system-common\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-system-gui\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-user-static\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"qemu-utils\", pkgver:\"1:3.1+dfsg-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-kvm\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-system-common\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-system-gui\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-system-x86\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-user-static\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"qemu-utils\", pkgver:\"1:4.0+dfsg-0ubuntu9.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu / qemu-kvm / qemu-system-common / qemu-system-gui / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-20T01:30:36", "description": "Security Fix(es): \n\n - QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) -- ", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190903_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128502);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-12155\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190903)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es): \n\n - QEMU: qxl: NULL pointer dereference while releasing\n spice resources (CVE-2019-12155) -- \"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1909&L=SCIENTIFIC-LINUX-ERRATA&P=9428\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6c39b3d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-20T01:25:43", "description": "From Red Hat Security Advisory 2019:2607 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-05T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2019-2607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-2607.NASL", "href": "https://www.tenable.com/plugins/nessus/128514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2607 and \n# Oracle Linux Security Advisory ELSA-2019-2607 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128514);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-12155\");\n script_xref(name:\"RHSA\", value:\"2019:2607\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2019-2607)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2607 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-September/009116.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-20T01:29:25", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-04T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2019:2607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-2607.NASL", "href": "https://www.tenable.com/plugins/nessus/128497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2607. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128497);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-12155\");\n script_xref(name:\"RHSA\", value:\"2019:2607\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2019:2607)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12155\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2607\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-167.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-20T01:26:42", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "CentOS 7 : qemu-kvm (CESA-2019:2607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-kvm-common", "p-cpe:/a:centos:centos:qemu-kvm-tools", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2607.NASL", "href": "https://www.tenable.com/plugins/nessus/129022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2607 and \n# CentOS Errata and Security Advisory 2019:2607 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129022);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-12155\");\n script_xref(name:\"RHSA\", value:\"2019:2607\");\n\n script_name(english:\"CentOS 7 : qemu-kvm (CESA-2019:2607)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* QEMU: qxl: NULL pointer dereference while releasing spice resources\n(CVE-2019-12155)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-September/023428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a13d8457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12155\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-01T00:33:55", "description": "Security fix for CVE-2019-14378\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Fedora 30 : libslirp (2019-77bafc4454)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14378"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libslirp", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-77BAFC4454.NASL", "href": "https://www.tenable.com/plugins/nessus/127516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-77bafc4454.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127516);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/24 11:01:32\");\n\n script_cve_id(\"CVE-2019-14378\");\n script_xref(name:\"FEDORA\", value:\"2019-77bafc4454\");\n\n script_name(english:\"Fedora 30 : libslirp (2019-77bafc4454)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-14378\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-77bafc4454\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libslirp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libslirp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"libslirp-4.0.0-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libslirp\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T00:24:38", "description": "An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-ma (RHSA-2019:3968)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14378"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qemu-img-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-ma", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3968.NASL", "href": "https://www.tenable.com/plugins/nessus/131376", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3968. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131376);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3968\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-ma (RHSA-2019:3968)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm-ma is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm-ma packages\nprovide the user-space component for running virtual machines that use\nKVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"s390x\" >!< cpu) audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3968\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qemu-img-ma-2.12.0-33.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qemu-kvm-common-ma-2.12.0-33.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qemu-kvm-ma-2.12.0-33.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qemu-kvm-ma-debuginfo-2.12.0-33.el7_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qemu-kvm-tools-ma-2.12.0-33.el7_7.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-ma / qemu-kvm-common-ma / qemu-kvm-ma / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-14T00:20:45", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2065 advisory.\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-12T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm-ma (RHSA-2020:2065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14378"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:qemu-img-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-ma"], "id": "REDHAT-RHSA-2020-2065.NASL", "href": "https://www.tenable.com/plugins/nessus/136480", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2065. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136480);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:2065\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-ma (RHSA-2020:2065)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2065 advisory.\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734745\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-ma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-ma\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_eus_7_6_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-source-rpms',\n 'rhel-7-hpc-node-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_eus_7_6_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-7-for-system-z-eus-debug-rpms__7_DOT_6__s390x',\n 'rhel-7-for-system-z-eus-optional-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-debug-rpms__7_DOT_6__s390x',\n 'rhel-7-for-system-z-eus-optional-rpms',\n 'rhel-7-for-system-z-eus-optional-rpms__7_DOT_6__s390x',\n 'rhel-7-for-system-z-eus-optional-source-rpms',\n 'rhel-7-for-system-z-eus-optional-source-rpms__7_DOT_6__s390x',\n 'rhel-7-for-system-z-eus-rpms',\n 'rhel-7-for-system-z-eus-rpms__7_DOT_6__s390x',\n 'rhel-7-for-system-z-eus-source-rpms',\n 'rhel-7-for-system-z-eus-source-rpms__7_DOT_6__s390x',\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-eus-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_6': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_eus_7_6': [\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms__7_DOT_6__s390x',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms__7_DOT_6__s390x',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms__7_DOT_6__s390x',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_6': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_hana_eus_7_6': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_tus_7_6_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_6__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'qemu-img-ma-2.12.0-18.el7_6.6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-common-ma-2.12.0-18.el7_6.6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-ma-2.12.0-18.el7_6.6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-tools-ma-2.12.0-18.el7_6.6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img-ma / qemu-kvm-common-ma / qemu-kvm-ma / qemu-kvm-tools-ma');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-14T02:24:40", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2126 advisory.\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2020:2126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14378"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools"], "id": "REDHAT-RHSA-2020-2126.NASL", "href": "https://www.tenable.com/plugins/nessus/136558", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2126. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136558);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:2126\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2020:2126)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2126 advisory.\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734745\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_eus_7_6_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-rpms__7_DOT_6__x86_64',\n 'rhel-7-hpc-node-eus-source-rpms',\n 'rhel-7-hpc-node-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_eus_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-eus-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_6': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_eus_7_6': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_6': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_extras_sap_hana_eus_7_6': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms__7_DOT_6__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_tus_7_6_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_6__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'qemu-img-1.5.3-160.el7_6.6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-1.5.3-160.el7_6.6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-common-1.5.3-160.el7_6.6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']},\n {'reference':'qemu-kvm-tools-1.5.3-160.el7_6.6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_extras_sap_e4s_7_6', 'rhel_extras_sap_eus_7_6', 'rhel_extras_sap_hana_e4s_7_6', 'rhel_extras_sap_hana_eus_7_6', 'rhel_tus_7_6_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T00:20:24", "description": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. (CVE-2019-14378)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : qemu (ALAS-2020-1401)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14378"], "modified": "2020-03-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ivshmem-tools", "p-cpe:/a:amazon:linux:qemu", "p-cpe:/a:amazon:linux:qemu-audio-alsa", "p-cpe:/a:amazon:linux:qemu-audio-oss", "p-cpe:/a:amazon:linux:qemu-audio-pa", "p-cpe:/a:amazon:linux:qemu-audio-sdl", "p-cpe:/a:amazon:linux:qemu-block-curl", "p-cpe:/a:amazon:linux:qemu-block-dmg", "p-cpe:/a:amazon:linux:qemu-block-iscsi", "p-cpe:/a:amazon:linux:qemu-block-nfs", "p-cpe:/a:amazon:linux:qemu-block-rbd", "p-cpe:/a:amazon:linux:qemu-block-ssh", "p-cpe:/a:amazon:linux:qemu-common", "p-cpe:/a:amazon:linux:qemu-debuginfo", "p-cpe:/a:amazon:linux:qemu-guest-agent", "p-cpe:/a:amazon:linux:qemu-img", "p-cpe:/a:amazon:linux:qemu-kvm", "p-cpe:/a:amazon:linux:qemu-kvm-core", "p-cpe:/a:amazon:linux:qemu-system-aarch64", "p-cpe:/a:amazon:linux:qemu-system-aarch64-core", "p-cpe:/a:amazon:linux:qemu-system-x86", "p-cpe:/a:amazon:linux:qemu-system-x86-core", "p-cpe:/a:amazon:linux:qemu-ui-curses", "p-cpe:/a:amazon:linux:qemu-ui-gtk", "p-cpe:/a:amazon:linux:qemu-ui-sdl", "p-cpe:/a:amazon:linux:qemu-user", "p-cpe:/a:amazon:linux:qemu-user-binfmt", "p-cpe:/a:amazon:linux:qemu-user-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/134329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1401.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134329);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2019-14378\");\n script_xref(name:\"ALAS\", value:\"2020-1401\");\n\n script_name(english:\"Amazon Linux 2 : qemu (ALAS-2020-1401)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer\noverflow via a large packet because it mishandles a case involving the\nfirst fragment. (CVE-2019-14378)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1401.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update qemu' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ivshmem-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-audio-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-kvm-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-aarch64-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-system-x86-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-ui-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"ivshmem-tools-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-alsa-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-oss-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-pa-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-audio-sdl-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-curl-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-dmg-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-iscsi-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-nfs-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-block-ssh-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-common-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-debuginfo-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-guest-agent-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-img-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-kvm-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-kvm-core-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-aarch64-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-aarch64-core-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-x86-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-system-x86-core-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-curses-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-gtk-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-ui-sdl-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-binfmt-3.1.0-8.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qemu-user-static-3.1.0-8.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ivshmem-tools / qemu / qemu-audio-alsa / qemu-audio-oss / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-20T01:10:59", "description": "According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.(CVE-2019-9824)\n\n - interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-9824"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qemu-img", "p-cpe:/a:huawei:euleros:qemu-kvm", "p-cpe:/a:huawei:euleros:qemu-kvm-common", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2255.NASL", "href": "https://www.tenable.com/plugins/nessus/130717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130717);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-12155\",\n \"CVE-2019-9824\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qemu-kvm packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c)\n in QEMU 3.0.0 uses uninitialized data in an snprintf\n call, leading to Information disclosure.(CVE-2019-9824)\n\n - interface_release_resource in hw/display/qxl.c in QEMU\n 4.0.0 has a NULL pointer dereference.(CVE-2019-12155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2255\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca579531\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qemu-kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9824\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qemu-img-1.5.3-156.5.h4\",\n \"qemu-kvm-1.5.3-156.5.h4\",\n \"qemu-kvm-common-1.5.3-156.5.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-01T00:30:38", "description": "Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).\n\nCVE-2016-5126\n\nHeap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.\n\nCVE-2016-5403\n\nThe virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.\n\nCVE-2017-9375\n\nQEMU, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.\n\nCVE-2019-12068\n\nQEMU scsi disk backend: lsi: exit infinite loop while executing script\n\nCVE-2019-12155\n\ninterface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference.\n\nCVE-2019-13164\n\nqemu-bridge-helper.c in QEMU does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.\n\nCVE-2019-14378\n\nip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.\n\nCVE-2019-15890\n\nlibslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in ip_input.c.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u12.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Debian DLA-1927-1 : qemu security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5126", "CVE-2016-5403", "CVE-2017-9375", "CVE-2019-12068", "CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-15890"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-guest-agent", "p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-system-arm", "p-cpe:/a:debian:debian_linux:qemu-system-common", "p-cpe:/a:debian:debian_linux:qemu-system-mips", "p-cpe:/a:debian:debian_linux:qemu-system-misc", "p-cpe:/a:debian:debian_linux:qemu-system-ppc", "p-cpe:/a:debian:debian_linux:qemu-system-sparc", "p-cpe:/a:debian:debian_linux:qemu-system-x86", "p-cpe:/a:debian:debian_linux:qemu-user", "p-cpe:/a:debian:debian_linux:qemu-user-binfmt", "p-cpe:/a:debian:debian_linux:qemu-user-static", "p-cpe:/a:debian:debian_linux:qemu-utils", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1927.NASL", "href": "https://www.tenable.com/plugins/nessus/129105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1927-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129105);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5126\", \"CVE-2016-5403\", \"CVE-2017-9375\", \"CVE-2019-12068\", \"CVE-2019-12155\", \"CVE-2019-13164\", \"CVE-2019-14378\", \"CVE-2019-15890\");\n\n script_name(english:\"Debian DLA-1927-1 : qemu security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in QEMU, a fast processor emulator\n(notably used in KVM and Xen HVM virtualization).\n\nCVE-2016-5126\n\nHeap-based buffer overflow in the iscsi_aio_ioctl function in\nblock/iscsi.c in QEMU allows local guest OS users to cause a denial of\nservice (QEMU process crash) or possibly execute arbitrary code via a\ncrafted iSCSI asynchronous I/O ioctl call.\n\nCVE-2016-5403\n\nThe virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local\nguest OS administrators to cause a denial of service (memory\nconsumption and QEMU process crash) by submitting requests without\nwaiting for completion.\n\nCVE-2017-9375\n\nQEMU, when built with USB xHCI controller emulator support, allows\nlocal guest OS privileged users to cause a denial of service (infinite\nrecursive call) via vectors involving control transfer descriptors\nsequencing.\n\nCVE-2019-12068\n\nQEMU scsi disk backend: lsi: exit infinite loop while executing script\n\nCVE-2019-12155\n\ninterface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference.\n\nCVE-2019-13164\n\nqemu-bridge-helper.c in QEMU does not ensure that a network interface\nname (obtained from bridge.conf or a --br=bridge option) is limited to\nthe IFNAMSIZ size, which can lead to an ACL bypass.\n\nCVE-2019-14378\n\nip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer\noverflow via a large packet because it mishandles a case involving the\nfirst fragment.\n\nCVE-2019-15890\n\nlibslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in\nip_input.c.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u12.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"qemu\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-kvm\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-arm\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-common\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-mips\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-misc\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-x86\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-binfmt\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-static\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-utils\", reference:\"1:2.1+dfsg-12+deb8u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-04T13:40:28", "description": "From Red Hat Security Advisory 2020:0366 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : qemu-kvm (ELSA-2020-0366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-kvm", "p-cpe:/a:oracle:linux:qemu-kvm-common", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-0366.NASL", "href": "https://www.tenable.com/plugins/nessus/133513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0366 and \n# Oracle Linux Security Advisory ELSA-2020-0366 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133513);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/10\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:0366\");\n\n script_name(english:\"Oracle Linux 7 : qemu-kvm (ELSA-2020-0366)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0366 :\n\nAn update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-February/009595.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T15:13:39", "description": "Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Debian DSA-4512-1 : qemu - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13164", "CVE-2019-14378"], "modified": "2019-09-24T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:qemu:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4512.NASL", "href": "https://www.tenable.com/plugins/nessus/128430", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4512. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128430);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/24 11:01:32\");\n\n script_cve_id(\"CVE-2019-13164\", \"CVE-2019-14378\");\n script_xref(name:\"DSA\", value:\"4512\");\n\n script_name(english:\"Debian DSA-4512-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in QEMU, a fast processor\nemulator, which could result in denial of service, the execution of\narbitrary code or bypass of ACLs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4512\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1:3.1+dfsg-8+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"qemu\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-block-extra\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-guest-agent\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-kvm\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-arm\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-common\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-data\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-gui\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-mips\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-misc\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-ppc\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-sparc\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-system-x86\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-user\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-user-binfmt\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-user-static\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"qemu-utils\", reference:\"1:3.1+dfsg-8+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-30T19:50:34", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3403 advisory.\n\n - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : container-tools:rhel8 (CESA-2019:3403)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:buildah", "p-cpe:/a:centos:centos:buildah-tests", "p-cpe:/a:centos:centos:cockpit-podman", "p-cpe:/a:centos:centos:container-selinux", "p-cpe:/a:centos:centos:containernetworking-plugins", "p-cpe:/a:centos:centos:containers-common", "p-cpe:/a:centos:centos:fuse-overlayfs", "p-cpe:/a:centos:centos:oci-systemd-hook", "p-cpe:/a:centos:centos:oci-umount", "p-cpe:/a:centos:centos:podman", "p-cpe:/a:centos:centos:podman-docker", "p-cpe:/a:centos:centos:podman-manpages", "p-cpe:/a:centos:centos:podman-remote", "p-cpe:/a:centos:centos:podman-tests", "p-cpe:/a:centos:centos:python-podman-api", "p-cpe:/a:centos:centos:runc", "p-cpe:/a:centos:centos:skopeo", "p-cpe:/a:centos:centos:skopeo-tests", "p-cpe:/a:centos:centos:slirp4netns", "p-cpe:/a:centos:centos:toolbox"], "id": "CENTOS8_RHSA-2019-3403.NASL", "href": "https://www.tenable.com/plugins/nessus/145597", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3403. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145597);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-10214\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3403\");\n\n script_name(english:\"CentOS 8 : container-tools:rhel8 (CESA-2019:3403)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3403 advisory.\n\n - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to\n credential disclosure (CVE-2019-10214)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3403\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:buildah-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cockpit-podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-manpages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-podman-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:skopeo-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:toolbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:rhel8': [\n {'reference':'buildah-1.9.0-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-1.9.0-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-tests-1.9.0-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-tests-1.9.0-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cockpit-podman-4-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cockpit-podman-4-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.107-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.107-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.8.1-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.8.1-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containers-common-0.1.37-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'containers-common-0.1.37-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.4.1-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.4.1-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-manpages-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-manpages-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-remote-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-remote-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-tests-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-tests-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-podman-api-1.2.0-0.1.gitd0a45fe.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-podman-api-1.2.0-0.1.gitd0a45fe.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-60.rc8.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-60.rc8.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'skopeo-0.1.37-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-0.1.37-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.37-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.37-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'slirp4netns-0.3.0-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slirp4netns-0.3.0-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'toolbox-0.0.4-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'toolbox-0.0.4-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-tests / cockpit-podman / container-selinux / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T00:27:47", "description": "An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : container-tools:rhel8 (RHSA-2019:3403)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:buildah", "p-cpe:/a:redhat:enterprise_linux:buildah-debugsource", "p-cpe:/a:redhat:enterprise_linux:buildah-tests", "p-cpe:/a:redhat:enterprise_linux:cockpit-podman", "p-cpe:/a:redhat:enterprise_linux:container-selinux", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource", "p-cpe:/a:redhat:enterprise_linux:containers-common", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-umount", "p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman", "p-cpe:/a:redhat:enterprise_linux:podman-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman-docker", "p-cpe:/a:redhat:enterprise_linux:podman-manpages", "p-cpe:/a:redhat:enterprise_linux:podman-remote", "p-cpe:/a:redhat:enterprise_linux:podman-tests", "p-cpe:/a:redhat:enterprise_linux:python-podman-api", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:runc-debugsource", "p-cpe:/a:redhat:enterprise_linux:skopeo", "p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource", "p-cpe:/a:redhat:enterprise_linux:skopeo-tests", "p-cpe:/a:redhat:enterprise_linux:slirp4netns", "p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource", "p-cpe:/a:redhat:enterprise_linux:toolbox", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3403.NASL", "href": "https://www.tenable.com/plugins/nessus/130536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3403. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130536);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2019-10214\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3403\");\n\n script_name(english:\"RHEL 8 : container-tools:rhel8 (RHSA-2019:3403)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the container-tools:rhel8 module is now available for\nRed Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers,\nnotably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password\ncredentials to token servers leading to credential disclosure\n(CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cockpit-podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-manpages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-podman-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:toolbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:rhel8': [\n {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'cockpit-podman-4-1.module+el8.1.0+4081+b29780af', 'release':'8'},\n {'reference':'container-selinux-2.107-2.module+el8.1.0+4081+b29780af', 'release':'8', 'epoch':'2'},\n {'reference':'containernetworking-plugins-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.8.1-2.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containers-common-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'podman-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-debugsource-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-debugsource-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-debugsource-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-docker-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'release':'8'},\n {'reference':'podman-manpages-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'release':'8'},\n {'reference':'podman-remote-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-remote-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-remote-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-tests-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-tests-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-tests-1.4.2-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python-podman-api-1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af', 'release':'8'},\n {'reference':'runc-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-60.rc8.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},\n {'reference':'skopeo-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.37-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'x86_64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'x86_64', 'release':'8'},\n {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},\n {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},\n {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / buildah-tests / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T00:28:55", "description": "An update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : container-tools:1.0 (RHSA-2019:3494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:buildah", "p-cpe:/a:redhat:enterprise_linux:buildah-debugsource", "p-cpe:/a:redhat:enterprise_linux:container-selinux", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource", "p-cpe:/a:redhat:enterprise_linux:containers-common", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-umount", "p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman", "p-cpe:/a:redhat:enterprise_linux:podman-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman-docker", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:runc-debugsource", "p-cpe:/a:redhat:enterprise_linux:skopeo", "p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource", "p-cpe:/a:redhat:enterprise_linux:slirp4netns", "p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3494.NASL", "href": "https://www.tenable.com/plugins/nessus/130544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3494. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130544);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2019-10214\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3494\");\n\n script_name(english:\"RHEL 8 : container-tools:1.0 (RHSA-2019:3494)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the container-tools:1.0 module is now available for Red\nHat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers,\nnotably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\n* containers/image: not enforcing TLS when sending username+password\ncredentials to token servers leading to credential disclosure\n(CVE-2019-10214)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\nif ('1.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:1.0': [\n {'reference':'buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-5.gite94b4f9.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8'},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0', 'release':'8', 'epoch':'2'},\n {'reference':'containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-docker-1.0.0-3.git921f98f.module+el8.1.0+4241+a7060183', 'release':'8'},\n {'reference':'runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-5.git1715c90.module+el8.1.0+4241+a7060183', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'x86_64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / container-selinux / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-04T13:39:17", "description": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "CentOS 7 : qemu-kvm (CESA-2020:0366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qemu-img", "p-cpe:/a:centos:centos:qemu-kvm", "p-cpe:/a:centos:centos:qemu-kvm-common", "p-cpe:/a:centos:centos:qemu-kvm-tools", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0366.NASL", "href": "https://www.tenable.com/plugins/nessus/133507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0366 and \n# CentOS Errata and Security Advisory 2020:0366 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133507);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/10\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:0366\");\n\n script_name(english:\"CentOS 7 : qemu-kvm (CESA-2020:0366)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qemu-kvm is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution\nfor Linux on a variety of architectures. The qemu-kvm packages provide\nthe user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es) :\n\n* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n* QEMU: slirp: heap buffer overflow during packet reassembly\n(CVE-2019-14378)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM qemu-kvm (BZ#1730606)\n\nEnhancement(s) :\n\n* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ded96fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-30T19:50:14", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3494 advisory.\n\n - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : container-tools:1.0 (CESA-2019:3494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10214", "CVE-2019-14378"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:buildah", "p-cpe:/a:centos:centos:container-selinux", "p-cpe:/a:centos:centos:containernetworking-plugins", "p-cpe:/a:centos:centos:containers-common", "p-cpe:/a:centos:centos:fuse-overlayfs", "p-cpe:/a:centos:centos:oci-systemd-hook", "p-cpe:/a:centos:centos:oci-umount", "p-cpe:/a:centos:centos:podman", "p-cpe:/a:centos:centos:podman-docker", "p-cpe:/a:centos:centos:runc", "p-cpe:/a:centos:centos:skopeo", "p-cpe:/a:centos:centos:slirp4netns"], "id": "CENTOS8_RHSA-2019-3494.NASL", "href": "https://www.tenable.com/plugins/nessus/145593", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3494. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145593);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-10214\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2019:3494\");\n\n script_name(english:\"CentOS 8 : container-tools:1.0 (CESA-2019:3494)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3494 advisory.\n\n - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to\n credential disclosure (CVE-2019-10214)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:slirp4netns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\nif ('1.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:1.0': [\n {'reference':'buildah-1.5-5.gite94b4f9.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-1.5-5.gite94b4f9.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.7.4-3.git9ebe139.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.7.4-3.git9ebe139.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containers-common-0.1.32-5.git1715c90.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'containers-common-0.1.32-5.git1715c90.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.3-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.3-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.0.0-3.git921f98f.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.0.0-3.git921f98f.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.0.0-3.git921f98f.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.0.0-3.git921f98f.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-55.rc5.dev.git2abd837.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-55.rc5.dev.git2abd837.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'skopeo-0.1.32-5.git1715c90.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-0.1.32-5.git1715c90.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / container-selinux / containernetworking-plugins / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-04T13:39:18", "description": "Security Fix(es) :\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20200205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qemu-img", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200205_QEMU_KVM_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133518);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20200205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - hw: TSX Transaction Asynchronous Abort (TAA)\n (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet\n reassembly (CVE-2019-14378)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=388\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de5680ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-img-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-1.5.3-167.el7_7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-1.5.3-167.el7_7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-04T13:38:51", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0366 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : qemu-kvm (RHSA-2020:0366)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11135", "CVE-2019-14378"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:qemu-img", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common", "p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools"], "id": "REDHAT-RHSA-2020-0366.NASL", "href": "https://www.tenable.com/plugins/nessus/133482", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0366. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133482);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\"CVE-2019-11135\", \"CVE-2019-14378\");\n script_xref(name:\"RHSA\", value:\"2020:0366\");\n\n script_name(english:\"RHEL 7 : qemu-kvm (RHSA-2020:0366)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0366 advisory.\n\n - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)\n\n - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/203.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/226.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14378\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 203, 226, 385);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_aus_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms'\n ],\n 'rhel_eus_7_7_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-rpms__7_DOT_7__x86_64',\n 'rhel-7-hpc-node-eus-source-rpms',\n 'rhel-7-hpc-node-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_eus_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-eus-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_e4s_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_eus_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_e4s_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_eus_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_7__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'qemu-img-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']},\n {'reference':'qemu-kvm-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']},\n {'reference':'qemu-kvm-common-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']},\n {'reference':'qemu-kvm-tools-1.5.3-167.el7_7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_eus_7_7', 'rhel_extras_sap_hana_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_extras_sap_hana_eus_7_7', 'rhel_tus_7_7_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:52:33", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3345 advisory.\n\n - QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\n - ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)\n\n - QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : virt:rhel (CESA-2019:3345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12155", "CVE-2019-9755", "CVE-2019-9824"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:SLOF", "p-cpe:/a:centos:centos:hivex", "p-cpe:/a:centos:centos:hivex-devel", "p-cpe:/a:centos:centos:libguestfs", "p-cpe:/a:centos:centos:libguestfs-bash-completion", "p-cpe:/a:centos:centos:libguestfs-benchmarking", "p-cpe:/a:centos:centos:libguestfs-devel", "p-cpe:/a:centos:centos:libguestfs-gfs2", "p-cpe:/a:centos:centos:libguestfs-gobject", "p-cpe:/a:centos:centos:libguestfs-gobject-devel", "p-cpe:/a:centos:centos:libguestfs-inspect-icons", "p-cpe:/a:centos:centos:libguestfs-java", "p-cpe:/a:centos:centos:libguestfs-java-devel", "p-cpe:/a:centos:centos:libguestfs-javadoc", "p-cpe:/a:centos:centos:libguestfs-man-pages-ja", "p-cpe:/a:centos:centos:libguestfs-man-pages-uk", "p-cpe:/a:centos:centos:libguestfs-rescue", "p-cpe:/a:centos:centos:libguestfs-rsync", "p-cpe:/a:centos:centos:libguestfs-tools", "p-cpe:/a:centos:centos:libguestfs-tools-c", "p-cpe:/a:centos:centos:libguestfs-winsupport", "p-cpe:/a:centos:centos:libguestfs-xfs", "p-cpe:/a:centos:centos:libiscsi", "p-cpe:/a:centos:centos:libiscsi-devel", "p-cpe:/a:centos:centos:libiscsi-utils", "p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-admin", "p-cpe:/a:centos:centos:libvirt-bash-completion", "p-cpe:/a:centos:centos:libvirt-client", "p-cpe:/a:centos:centos:libvirt-daemon", "p-cpe:/a:centos:centos:libvirt-daemon-config-network", "p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-interface", "p-cpe:/a:centos:centos:libvirt-daemon-driver-network", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter", "p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu", "p-cpe:/a:centos:centos:libvirt-daemon-driver-secret", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:centos:centos:libvirt-daemon-kvm", "p-cpe:/a:centos:centos:libvirt-dbus", "p-cpe:/a:centos:centos:libvirt-devel", "p-cpe:/a:centos:centos:libvirt-docs", "p-cpe:/a:centos:centos:libvirt-libs", "p-cpe:/a:centos:centos:libvirt-lock-sanlock", "p-cpe:/a:centos:centos:libvirt-nss", "p-cpe:/a:centos:centos:lua-guestfs", "p-cpe:/a:centos:centos:nbdkit", "p-cpe:/a:centos:centos:nbdkit-bash-completion", "p-cpe:/a:centos:centos:nbdkit-basic-plugins", "p-cpe:/a:centos:centos:nbdkit-devel", "p-cpe:/a:centos:centos:nbdkit-example-plugins", "p-cpe:/a:centos:centos:nbdkit-plugin-gzip", "p-cpe:/a:centos:centos:nbdkit-plugin-python-common", "p-cpe:/a:centos:centos:nbdkit-plugin-python3", "p-cpe:/a:centos:centos:nbdkit-plugin-vddk", "p-cpe:/a:centos:centos:nbdkit-plugin-xz", "p-cpe:/a:centos:centos:netcf", "p-cpe:/a:centos:centos:netcf-devel", "p-cpe:/a:centos:centos:netcf-libs", "p-cpe:/a:centos:centos:ocaml-hivex", "p-cpe:/a:centos:centos:ocaml-hivex-devel", "p-cpe:/a:centos:centos:ocaml-libguestfs", "p-cpe:/a:centos:centos:ocaml-libguestfs-devel", "p-cpe:/a:centos:centos:perl-Sys-Guestfs", "p-cpe:/a:centos:centos:perl-Sys-Virt", "p-cpe:/a:centos:centos:perl-hivex", "p-cpe:/a:centos:centos:python3-hivex", "p-cpe:/a:centos:centos:python3-libguestfs", "p-cpe:/a:centos:centos:python3-libvirt", "p-cpe:/a:centos:centos:ruby-hivex", "p-cpe:/a:centos:centos:ruby-libguestfs", "p-cpe:/a:centos:centos:seabios", "p-cpe:/a:centos:centos:seabios-bin", "p-cpe:/a:centos:centos:seavgabios-bin", "p-cpe:/a:centos:centos:sgabios", "p-cpe:/a:centos:centos:sgabios-bin", "p-cpe:/a:centos:centos:supermin", "p-cpe:/a:centos:centos:supermin-devel", "p-cpe:/a:centos:centos:virt-dib", "p-cpe:/a:centos:centos:virt-p2v-maker", "p-cpe:/a:centos:centos:virt-v2v"], "id": "CENTOS8_RHSA-2019-3345.NASL", "href": "https://www.tenable.com/plugins/nessus/145576", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3345. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145576);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-9755\", \"CVE-2019-9824\", \"CVE-2019-12155\");\n script_bugtraq_id(107468, 108429);\n script_xref(name:\"RHSA\", value:\"2019:3345\");\n\n script_name(english:\"CentOS 8 : virt:rhel (CESA-2019:3345)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3345 advisory.\n\n - QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)\n\n - ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)\n\n - QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9755\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SLOF\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-benchmarking\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-gobject-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-inspect-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-man-pages-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-man-pages-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-rescue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-winsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libguestfs-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libiscsi-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lua-guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-basic-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-example-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-python-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-vddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nbdkit-plugin-xz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netcf-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Sys-Virt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seavgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sgabios-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:supermin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:supermin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-dib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-p2v-maker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virt-v2v\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/virt-devel');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');\nif ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt-devel:' + module_ver);\n\nappstreams = {\n 'virt-devel:rhel': [\n {'reference':'hivex-1.3.15-7.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-1.3.15-7.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'hivex-devel-1.3.15-7.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-bash-completion-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-benchmarking-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-devel-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-devel-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gfs2-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gfs2-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-gobject-devel-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-inspect-icons-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-devel-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-java-devel-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-javadoc-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-javadoc-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-ja-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-man-pages-uk-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rescue-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rescue-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rsync-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-rsync-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-c-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-tools-c-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-winsupport-8.0-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-xfs-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libguestfs-xfs-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-1.18.0-8.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-devel-1.18.0-8.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libiscsi-utils-1.18.0-8.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-admin-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-bash-completion-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-client-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-network-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-config-nwfilter-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-interface-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-network-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nodedev-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-nwfilter-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-qemu-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-secret-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-core-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-disk-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-gluster-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-iscsi-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-logical-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-mpath-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-rbd-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-driver-storage-scsi-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-daemon-kvm-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-dbus-1.2.0-3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-devel-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-docs-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-libs-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-lock-sanlock-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libvirt-nss-4.5.0-35.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lua-guestfs-1.38.4-14.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-bash-completion-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-basic-plugins-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-devel-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-example-plugins-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-gzip-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python-common-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-python3-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-vddk-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nbdkit-plugin-xz-1.4.2-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-0.2.8-12.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-devel-0.2.8-12.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netcf-libs-0.2.8-12.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocaml-hivex-1.3.15-7.module_el8.1.
(RHSA-2019:4344) Important: qemu-kvm-rhev security update
