{"id": "XSA-310", "bulletinFamily": "software", "title": "Further issues with restartable PV type change operations", "description": "#### ISSUE DESCRIPTION\nXSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed.\n#### IMPACT\nA malicious PV guest administrator may be able to escalate their privilege to that of the host.\n#### VULNERABLE SYSTEMS\nAll security-supported versions of Xen are vulnerable.\nOnly x86 systems are affected. Arm systems are not affected.\nOnly x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability.\nNote that these attacks require very precise timing, which may be difficult to exploit in practice.\n", "published": "2019-12-11T12:00:00", "modified": "2019-12-11T12:09:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://xenbits.xen.org/xsa/advisory-310.html", "reporter": "Xen Project", "references": [], "cvelist": ["CVE-2019-19580"], "type": "xen", "lastseen": "2019-12-11T16:19:56", "edition": 1, "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19580"]}, {"type": "symantec", "idList": ["SMNTC-111180"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-3309-1.NASL", "SUSE_SU-2020-0334-1.NASL", "SUSE_SU-2019-3296-1.NASL", "FEDORA_2019-2E12BD3A9A.NASL", "SUSE_SU-2019-3338-1.NASL", "SUSE_SU-2020-1630-1.NASL", "SUSE_SU-2019-3310-1.NASL", "XEN_SERVER_XSA-310.NASL", "FEDORA_2019-6AAD703290.NASL", "OPENSUSE-2020-11.NASL"]}, {"type": "citrix", "idList": ["CTX266932"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852977", "OPENVAS:1361412562310704602", "OPENVAS:1361412562310877281", "OPENVAS:1361412562310877407", "OPENVAS:1361412562310877102", "OPENVAS:1361412562310877391"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0011-1"]}, {"type": "gentoo", "idList": ["GLSA-202003-56"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4602-1:C29F7"]}], "modified": "2019-12-11T16:19:56", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2019-12-11T16:19:56", "rev": 2}, "vulnersScore": 5.5}, "affectedSoftware": []}

{"cve": [{"lastseen": "2020-12-09T21:41:49", "description": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.", "edition": 11, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-11T18:16:00", "title": "CVE-2019-19580", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19580"], "modified": "2020-01-03T22:15:00", "cpe": ["cpe:/o:xen:xen:4.12.1", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2019-19580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19580", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.12.1:*:*:*:*:*:x86:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2019-12-13T14:21:54", "bulletinFamily": "software", "cvelist": ["CVE-2019-19580"], "description": "### Description\n\nXen is prone to a local privilege-escalation vulnerability. Local attacker can exploit this issue to gain elevated privileges on affected computers. Xen version 4.12.x and prior are vulnerable.\n\n### Technologies Affected\n\n * Citrix Hypervisor 8.0 \n * Citrix XenServer 7.0 \n * Citrix XenServer 7.1 LTSR CU2 \n * Citrix XenServer 7.6 \n * Xen Xen 3.0.2 \n * Xen Xen 3.0.3 \n * Xen Xen 3.0.4 \n * Xen Xen 3.1 \n * Xen Xen 3.1.3 \n * Xen Xen 3.1.4 \n * Xen Xen 3.2.0 \n * Xen Xen 3.2.1 \n * Xen Xen 3.2.2 \n * Xen Xen 3.2.3 \n * Xen Xen 3.3.0 \n * Xen Xen 3.3.1 \n * Xen Xen 3.3.2 \n * Xen Xen 3.4.0 \n * Xen Xen 3.4.1 \n * Xen Xen 3.4.2 \n * Xen Xen 3.4.3 \n * Xen Xen 3.4.4 \n * Xen Xen 4.0.0 \n * Xen Xen 4.0.1 \n * Xen Xen 4.0.2 \n * Xen Xen 4.0.3 \n * Xen Xen 4.0.4 \n * Xen Xen 4.1.0 \n * Xen Xen 4.1.1 \n * Xen Xen 4.1.2 \n * Xen Xen 4.1.3 \n * Xen Xen 4.1.4 \n * Xen Xen 4.1.5 \n * Xen Xen 4.1.6.1 \n * Xen Xen 4.10.0 \n * Xen Xen 4.10.1 \n * Xen Xen 4.10.2 \n * Xen Xen 4.11.0 \n * Xen Xen 4.12.0 \n * Xen Xen 4.2.0 \n * Xen Xen 4.2.1 \n * Xen Xen 4.2.2 \n * Xen Xen 4.2.3 \n * Xen Xen 4.3.0 \n * Xen Xen 4.3.1 \n * Xen Xen 4.4.0 \n * Xen Xen 4.4.1 \n * Xen Xen 4.5.0 \n * Xen Xen 4.5.3 \n * Xen Xen 4.6.0 \n * Xen Xen 4.6.3 \n * Xen Xen 4.7.0 \n * Xen Xen 4.8.0 \n * Xen Xen 4.8.4 \n * Xen Xen 4.9.0 \n * Xen Xen 4.9.1 \n * Xen Xen 4.9.2 \n * Xen Xen 4.9.3 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the nature of this issue, allow only trusted and accountable individuals to have access.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-12-11T00:00:00", "published": "2019-12-11T00:00:00", "id": "SMNTC-111180", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111180", "type": "symantec", "title": "Xen CVE-2019-19580 Incomplete Fix Local Privilege Escalation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2020-07-11T05:19:30", "description": "According to its self-reported version number, the Xen hypervisor installed on\nthe remote host is affected by an elevation of privilege vulnerability due to\nrace conditions in the pagetable promotion and demotion operations. An\nauthenticated, remote attacker can exploit this issue, by triggering race\nconditions and cause Xen to drop or retain extra type counts, to get write\naccess to in-use pagetables and potentially gain elevated privileges.\n\nAdvisory XSA-310 addresses edge-cases not identified in XSA-299. HVM and PVH\nguests cannot exercise this vulnerability. ARM systems are not vulnerable\nbecause ARM guests are all PVH.\n\nNote that Nessus has checked the changeset versions based on the xen.git change\nlog. Nessus did not check guest hardware configurations or if patches were\napplied manually to the source code before a recompile and reinstall.", "edition": 10, "cvss3": {"score": 6.6, "vector": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-19T00:00:00", "title": "Xen Project Restartable PV Type Change Operations Elevation of Privilege Vulnerability (XSA-310)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19580"], "modified": "2019-12-19T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-310.NASL", "href": "https://www.tenable.com/plugins/nessus/132316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132316);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-19580\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"Xen Project Restartable PV Type Change Operations Elevation of Privilege Vulnerability (XSA-310)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor installed on\nthe remote host is affected by an elevation of privilege vulnerability due to\nrace conditions in the pagetable promotion and demotion operations. An\nauthenticated, remote attacker can exploit this issue, by triggering race\nconditions and cause Xen to drop or retain extra type counts, to get write\naccess to in-use pagetables and potentially gain elevated privileges.\n\nAdvisory XSA-310 addresses edge-cases not identified in XSA-299. HVM and PVH\nguests cannot exercise this vulnerability. ARM systems are not vulnerable\nbecause ARM guests are all PVH.\n\nNote that Nessus has checked the changeset versions based on the xen.git change\nlog. Nessus did not check guest hardware configurations or if patches were\napplied manually to the source code before a recompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/xsa/advisory-310.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19580\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.8']['fixed_ver'] = '4.8.5';\nfixes['4.8']['fixed_ver_display'] = '4.8.5 (changeset e60c718)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"d46f8e0\", \"3430c46\",\n \"bafcd7f\", \"76dad2e\", \"714a65a\", \"d1d3431\", \"a260e93\", \"ec6c25e\",\n \"1486caf\", \"4c666a7\", \"a70ba89\", \"6082eac\", \"fb93a9b\", \"80e67e4\",\n \"dc62982\", \"aca2511\", \"17c3324\", \"4ffb12e\", \"929ec99\", \"ae9ec06\",\n \"6c4efc1\", \"2867c7e\", \"611ca5b\", \"12ac129\", \"f1bf612\", \"422d637\",\n \"6699295\", \"10105fa\", \"bf78103\", \"219b64d\", \"f03e1b7\", \"048bbe8\",\n \"151406a\", \"d02aeba\", \"960670a\", \"4ed28df\", \"c67210f\", \"d4d3ab3\",\n \"d87211e\", \"a9acbcf\", \"514de95\", \"48ab64f\", \"181ed91\", \"c3fdb25\",\n \"7feb3cc\", \"343c611\", \"257048f\", \"491e033\", \"3683ec2\", \"a172d06\",\n \"52092fc\", \"e0d6cde\", \"cc1c9e3\", \"f6a4af3\", \"ece24c0\", \"175a698\",\n \"48f5cf7\", \"9eb6247\", \"31cbd18\", \"fcf002d\", \"ecbf88a\", \"d929136\",\n \"8099c04\", \"752fb21\", \"a95a103\", \"3dcb199\", \"55da36f\", \"160f050\",\n \"194b7a2\", \"a556287\", \"2032f86\", \"e9d860f\", \"a1f8fe0\", \"5bc841c\",\n \"4539dbc\", \"dcd6efd\", \"88fb22b\", \"1c4ab1e\", \"40ad83f\", \"51c3b69\",\n \"44aba8b\", \"067ec7d\", \"f51d8e5\", \"b9b0c46\", \"908e768\");\n\nfixes['4.9']['fixed_ver'] = '4.9.4';\nfixes['4.9']['fixed_ver_display'] = '4.9.4 (changeset 55bd90d)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"173e805\", \"248f22e\",\n \"ec229c2\", \"e879bfe\", \"ce126c9\", \"4b69427\", \"8d1ee9f\", \"e60b3a9\",\n \"25f5530\", \"49db55f\", \"fa34ed5\", \"704f7ec\", \"a930a74\", \"8c52ee2\",\n \"2e15a19\", \"70639ac\", \"c3b479d\", \"e349eae\", \"632fb4e\", \"4608c6d\",\n \"7daacca\", \"859e48e\", \"5be2dd0\", \"b0147bd\", \"cadd66a\", \"d3c4b60\",\n \"d59f5c4\", \"44303c6\", \"79538ba\", \"80c3157\", \"73f1a55\", \"bc20fb1\",\n \"754a531\", \"7b032c2\", \"ff4fdf0\", \"8d2a688\", \"b9013d7\", \"bc8e5ec\",\n \"34907f5\", \"e70bf7e\", \"fa0b891\", \"3a8177c\", \"04ec835\", \"8d63ec4\",\n \"1ff6b4d\", \"f092d86\", \"e4b534f\", \"87c49fe\", \"19becb8\", \"43775c0\",\n \"f6b0f33\", \"a17e75c\", \"67530e7\", \"f804549\", \"84f81a8\", \"56aa239\",\n \"105db42\", \"d9da3ea\", \"ac90240\", \"3db28b0\", \"9b6f1c0\", \"0c4bbad\",\n \"917d8d3\", \"3384ea4\", \"352421f\", \"04e9dcb\", \"1612f15\", \"f952b1d\",\n \"63d9330\", \"f72414a\", \"ac3a5f8\", \"1ae6b8e\", \"1dd3dcc\", \"7390fa1\",\n \"7e78dc4\", \"8fdfb1e\", \"55d36e2\", \"045f37c\", \"dd7e637\", \"7a40b5b\", \"f5acf97\");\n\nfixes['4.10']['fixed_ver'] = '4.10.4';\nfixes['4.10']['fixed_ver_display'] = '4.10.4 (changeset ba2776a)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"9d143e8\", \"fe8dab3\",\n \"07e546e\", \"fefa5f9\", \"c9f9ff7\", \"406d40d\", \"e489955\", \"37139f1\",\n \"fde09cb\", \"804ba02\", \"e8c3971\", \"a8c4293\", \"aa40452\", \"1da3dab\",\n \"e5632c4\", \"902e72d\", \"6a14610\", \"ea815b2\", \"13ad331\", \"61b75d9\",\n \"e70e7bf\", \"e966e2e\", \"dfa16a1\", \"a71e199\", \"c98be9e\", \"a548e10\",\n \"d3c0e84\", \"53b1572\", \"7203f9a\", \"6d1659d\", \"a782173\", \"24e90db\",\n \"0824bc6\", \"e6f3135\", \"3131bf9\");\n\nfixes['4.11']['fixed_ver'] = '4.11.4';\nfixes['4.11']['fixed_ver_display'] = '4.11.4-pre (changeset 1432cd5)';\nfixes['4.11']['affected_ver_regex'] = '^4\\\\.11\\\\.';\nfixes['4.11']['affected_changesets'] = make_list(\"608be81\", \"d81c711\",\n \"3d2cc67\", \"d4a67be\", \"b8a8278\", \"06555fd\");\n\nfixes['4.12']['fixed_ver'] = '4.12.2';\nfixes['4.12']['fixed_ver_display'] = '4.12.2-pre (changeset 1363b37)';\nfixes['4.12']['affected_ver_regex'] = '^4\\\\.12\\\\.';\nfixes['4.12']['affected_changesets'] = make_list(\"5701907\", \"f84bcfe\",\n \"5eaba24\", \"268e5f6\", \"0e3fd5d\", \"212b850\", \"2590905\", \"4a0187b\",\n \"cfc7ff1\", \"54e3018\", \"1e8932f\", \"3488f26\", \"08473cf\", \"acaf498\",\n \"40aaf77\", \"6ef9471\", \"dde68d8\", \"7275095\", \"3f224c9\", \"1f6bbde\",\n \"99bc12e\", \"0a69b62\", \"e10c1fb\", \"e3ea01d\", \"c5a0891\", \"1f86e9a\",\n \"ee55d9e\", \"b971da6\", \"28f34ab\", \"2caa419\", \"26d307a\", \"6b88ada\",\n \"4e893a4\", \"3236f62\", \"c88640c\", \"a00325a\", \"6a66c54\", \"0b22b83\",\n \"f0b9b67\", \"a387799\", \"1cb2d60\", \"875879a\", \"a008435\", \"3b448cb\",\n \"1d64dc7\", \"d1a06c9\", \"1a69ef0\", \"18f988a\", \"88d4e37\", \"36d2ecb\",\n \"ee37d67\", \"ece1cb0\", \"f4a82a3\", \"cf47a0e\", \"3334cb1\", \"08fde90\",\n \"16f03e0\", \"58668f1\", \"0138da1\", \"12a1ff9\", \"a457425\", \"7f10403\",\n \"b29848b\", \"278e46a\", \"7412e27\", \"58d59b9\", \"16bc9c0\", \"694fa9c\",\n \"df67757\", \"bbcd6c5\", \"7575728\", \"db91ac4\", \"5698505\", \"28c209e\",\n \"1b1295e\", \"94ff3cf\", \"3918f99\", \"81a0e12\", \"113282b\", \"828e277\",\n \"f5af2b9\", \"09513ab\", \"3dc7b91\", \"3d83e00\", \"26b8dd7\", \"5572ba9\",\n \"bb4c1a8\", \"81feea0\", \"9f74689\", \"5f1c9e4\", \"4b5cc95\", \"ab1e6a7\",\n \"801acf8\", \"97b4698\", \"e28f7d6\", \"4fe70a1\", \"c288534\", \"2a8209f\",\n \"bc87a2d\", \"8fbf991\", \"8382d02\", \"e142459\", \"0d210c0\", \"89de994\",\n \"9187046\", \"634a4d3\", \"b6ee060\", \"61770e7\", \"599d6d2\", \"9d73672\",\n \"e6ccef1\", \"2b84ade\", \"d2ca39f\", \"04a2fe9\", \"3c10d06\", \"4e145fd\",\n \"07ec556\", \"847fc70\", \"5ea346e\", \"d42fb06\", \"32443f6\", \"a5fc553\",\n \"b465705\", \"d04466f\", \"be2cd69\", \"50b9123\", \"8b129ba\", \"b527557\");\n\nfixes['4.13']['fixed_ver'] = '4.13.0';\nfixes['4.13']['fixed_ver_display'] = '4.13.0-rc (changeset 3e1b787)';\nfixes['4.13']['affected_ver_regex'] = '^4\\\\.13\\\\.';\nfixes['4.13']['affected_changesets'] = make_list(\"776f604\", \"cc8ac8d\",\n \"0ee7151\", \"f919dca\", \"d8538f7\", \"fd31193\", \"b0f0bbc\", \"c6c74e3\",\n \"b789dd9\", \"fd9bfab\", \"8ba4cd9\", \"c1299c1\", \"d7abfd2\", \"ea6a2c4\",\n \"78e7c2e\", \"8ba357f\", \"7a0e35f\", \"b9d5e03\", \"308d78b\", \"eb6b000\",\n \"d4d4c87\", \"1d758bc\", \"e2585f8\", \"943c74b\", \"81ecb38\", \"5655ce8\",\n \"56348df\", \"9a400d1\", \"72580a8\", \"195b79a\", \"34c1172\", \"5530782\",\n \"3f1a53b\", \"4859911\", \"ba2ab00\", \"8c79c12\", \"77beba7\", \"8f48634\",\n \"c568b11\", \"183f354\", \"ca4cd36\", \"d7cd999\", \"df7a193\", \"83ac5ab\",\n \"a7b88f0\", \"9678167\", \"7059afb\", \"534f9e2\", \"a0bfdf6\", \"0d2791b\",\n \"bad237d\", \"0273d8e\", \"f710b76\", \"dde3135\", \"3afbd23\", \"e28eed5\",\n \"5a870b0\", \"f3e4fb5\", \"66b9765\", \"31c16a8\", \"5f7e950\", \"e7c3202\",\n \"4abbac1\", \"b92a286\", \"65d1049\", \"f06d11d\", \"a72c508\", \"f43afb0\",\n \"7b4c3d0\", \"09242da\", \"85e1424\", \"c67c43c\", \"8c43308\", \"070e8ce\",\n \"0cafb89\", \"59e89cd\", \"6dacdcd\", \"d13dfb0\", \"8f1d6c0\", \"aaef3d9\",\n \"3683290\", \"cda8f7e\", \"0c2a550\", \"0aaad75\", \"ad59145\", \"dedcb10\",\n \"6de848f\", \"70fcd1e\", \"a458d3b\", \"2e2356c\", \"f9e10a9\", \"f11fda9\",\n \"7afbbca\", \"6378a4c\", \"ba165e7\", \"92f91d2\", \"efee8ba\", \"df12595\",\n \"adaecef\", \"354b0f2\", \"32e1956\", \"38533d9\", \"0ae2491\", \"dfdb006\",\n \"ae2f94c\", \"abb234b\", \"5751861\", \"0f45bbb\", \"ed13221\", \"7e4404f\",\n \"3ed885a\", \"61b6835\", \"a7b81b0\", \"6eeef7e\", \"319f9a0\", \"31b4f4a\",\n \"6e8e163\", \"88aaf40\", \"c40b33d\", \"3c15a2d\", \"2f12624\", \"d28fe10\",\n \"18b0ab6\", \"ff0b9a5\", \"2aab06d\", \"0121588\", \"1b6fa63\", \"bf656e0\",\n \"3165ffe\", \"93021cb\", \"0bf9f8d\", \"ece1d5c\", \"b362c51\", \"2d6f36d\",\n \"8a74707\", \"f51d4a1\", \"1a3b393\", \"cbe572d\", \"368375d\", \"2a474dc\",\n \"7d2655f\", \"07149d9\", \"1666939\", \"dfcccc6\", \"4945041\", \"86cf0ed\",\n \"dc2aaaf\", \"09348b0\", \"ecec150\", \"0e606c1\", \"7b1e233\", \"64b5d83\",\n \"9633929\", \"333d741\", \"ad011ad\", \"95596f6\", \"5f135a6\", \"af5c475\",\n \"5dedc18\", \"67c82f4\", \"a9af7cd\", \"2541fcc\", \"3f21bd4\", \"c399983\",\n \"4f05a0c\", \"818927e\", \"3f82eb9\", \"7eee9c1\", \"529a76f\", \"9257c21\",\n \"b7fab13\", \"8dea470\", \"a7ecdf8\", \"8d4f1b8\", \"08e2059\", \"8dba9a8\",\n \"228a025\", \"59d03d2\", \"6da80b2\", \"00fc900\", \"4c555ec\", \"55ab292\",\n \"e370582\", \"951ab40\", \"518c935\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset) || empty_or_null(fixes[ver_branch]['affected_changesets']))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-07-11T04:59:48", "description": "This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-12-16T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2019:3296-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583"], "modified": "2019-12-16T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2019-3296-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3296-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132072);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2019:3296-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193296-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9162167e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-3296=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3296=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19578\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.1_10-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.1_10-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T01:44:28", "description": "denial of service in find_next_bit() [XSA-307, CVE-2019-19581,\nCVE-2019-19582] (#1782211) denial of service in HVM/PVH guest\nuserspace code [XSA-308, CVE-2019-19583] (#1782206) privilege\nescalation due to malicious PV guest [XSA-309, CVE-2019-19578]\n(#1782210) Further issues with restartable PV type change operations\n[XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic height\nhandling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-01-06T00:00:00", "title": "Fedora 30 : xen (2019-2e12bd3a9a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583"], "modified": "2020-01-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2019-2E12BD3A9A.NASL", "href": "https://www.tenable.com/plugins/nessus/132641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-2e12bd3a9a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132641);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"FEDORA\", value:\"2019-2e12bd3a9a\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"Fedora 30 : xen (2019-2e12bd3a9a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"denial of service in find_next_bit() [XSA-307, CVE-2019-19581,\nCVE-2019-19582] (#1782211) denial of service in HVM/PVH guest\nuserspace code [XSA-308, CVE-2019-19583] (#1782206) privilege\nescalation due to malicious PV guest [XSA-309, CVE-2019-19578]\n(#1782210) Further issues with restartable PV type change operations\n[XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic height\nhandling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e12bd3a9a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"xen-4.11.3-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T01:48:22", "description": "denial of service in find_next_bit() [XSA-307, CVE-2019-19581,\nCVE-2019-19582] (#1782211) denial of service in HVM/PVH guest\nuserspace code [XSA-308, CVE-2019-19583] (#1782206) privilege\nescalation due to malicious PV guest [XSA-309, CVE-2019-19578]\n(#1782210) Further issues with restartable PV type change operations\n[XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic height\nhandling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "title": "Fedora 31 : xen (2019-6aad703290)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-6AAD703290.NASL", "href": "https://www.tenable.com/plugins/nessus/132113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6aad703290.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132113);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"FEDORA\", value:\"2019-6aad703290\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"Fedora 31 : xen (2019-6aad703290)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"denial of service in find_next_bit() [XSA-307, CVE-2019-19581,\nCVE-2019-19582] (#1782211) denial of service in HVM/PVH guest\nuserspace code [XSA-308, CVE-2019-19583] (#1782206) privilege\nescalation due to malicious PV guest [XSA-309, CVE-2019-19578]\n(#1782210) Further issues with restartable PV type change operations\n[XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic height\nhandling for AMD IOMMU pagetables [XSA-311, CVE-2019-19577] (#1782208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6aad703290\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19578\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"xen-4.12.1-8.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T03:50:39", "description": "This update for xen fixes the following issues :\n\n - CVE-2019-19581: Fixed a potential out of bounds on\n 32-bit Arm (bsc#1158003 XSA-307).\n\n - CVE-2019-19582: Fixed a potential infinite loop when x86\n accesses to bitmaps with a compile time known size of 64\n (bsc#1158003 XSA-307).\n\n - CVE-2019-19583: Fixed improper checks which could have\n allowed HVM/PVH guest userspace code to crash the\n guest,leading to a guest denial of service (bsc#1158004\n XSA-308).\n\n - CVE-2019-19578: Fixed an issue where a malicious or\n buggy PV guest could have caused hypervisor crash\n resulting in denial of service affecting the entire host\n (bsc#1158005 XSA-309).\n\n - CVE-2019-19580: Fixed a privilege escalation where a\n malicious PV guest administrator could have been able to\n escalate their privilege to that of the host\n (bsc#1158006 XSA-310).\n\n - CVE-2019-19577: Fixed an issue where a malicious guest\n administrator could have caused Xen to access data\n structures while they are being modified leading to a\n crash (bsc#1158007 XSA-311). \n\n - CVE-2019-19579: Fixed a privilege escaltion where an\n untrusted domain with access to a physical device can\n DMA into host memory (bsc#1157888 XSA-306).\n\n - Fixed an issue where PCI passthrough failed on AMD\n machine xen host (bsc#1157047). \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.", "edition": 10, "cvss3": {"score": 6.8, "vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-15T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2020-11)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-19579"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU"], "id": "OPENSUSE-2020-11.NASL", "href": "https://www.tenable.com/plugins/nessus/132904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-11.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132904);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2020-11)\");\n script_summary(english:\"Check for the openSUSE-2020-11 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\n - CVE-2019-19581: Fixed a potential out of bounds on\n 32-bit Arm (bsc#1158003 XSA-307).\n\n - CVE-2019-19582: Fixed a potential infinite loop when x86\n accesses to bitmaps with a compile time known size of 64\n (bsc#1158003 XSA-307).\n\n - CVE-2019-19583: Fixed improper checks which could have\n allowed HVM/PVH guest userspace code to crash the\n guest,leading to a guest denial of service (bsc#1158004\n XSA-308).\n\n - CVE-2019-19578: Fixed an issue where a malicious or\n buggy PV guest could have caused hypervisor crash\n resulting in denial of service affecting the entire host\n (bsc#1158005 XSA-309).\n\n - CVE-2019-19580: Fixed a privilege escalation where a\n malicious PV guest administrator could have been able to\n escalate their privilege to that of the host\n (bsc#1158006 XSA-310).\n\n - CVE-2019-19577: Fixed an issue where a malicious guest\n administrator could have caused Xen to access data\n structures while they are being modified leading to a\n crash (bsc#1158007 XSA-311). \n\n - CVE-2019-19579: Fixed a privilege escaltion where an\n untrusted domain with access to a physical device can\n DMA into host memory (bsc#1157888 XSA-306).\n\n - Fixed an issue where PCI passthrough failed on AMD\n machine xen host (bsc#1157047). \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19579\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-debugsource-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-devel-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-libs-debuginfo-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"xen-tools-domU-debuginfo-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.1_06-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.1_06-lp151.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:24:11", "description": "This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nFixed an issue where PCI passthrough failed on AMD machine xen host\n(bsc#1157047).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 6.8, "vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-19T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3338-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-19579"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-libs-32bit-debuginfo"], "id": "SUSE_SU-2019-3338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3338-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132309);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3338-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nFixed an issue where PCI passthrough failed on AMD machine xen host\n(bsc#1157047).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193338-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2f1de25\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-3338=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3338=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-3338=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19579\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-devel-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.12.1_06-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.12.1_06-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:23:50", "description": "This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-18423: A malicious guest administrator may cause a hypervisor\ncrash, resulting in a Denial of Service (DoS) (bsc#1154460 XSA-301).\n\nCVE-2019-18422: A malicious ARM guest might contrive to arrange for\ncritical Xen code to run with interrupts erroneously enabled. This\ncould lead to data corruption, denial of service, or possibly even\nprivilege escalation. However a precise attack technique has not been\nidentified. (bsc#1154464 XSA-303)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-17T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3309-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18422", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-19579"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2019-3309-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132091", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3309-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132091);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-18422\", \"CVE-2019-18423\", \"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3309-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-18423: A malicious guest administrator may cause a hypervisor\ncrash, resulting in a Denial of Service (DoS) (bsc#1154460 XSA-301).\n\nCVE-2019-18422: A malicious ARM guest might contrive to arrange for\ncritical Xen code to run with interrupts erroneously enabled. This\ncould lead to data corruption, denial of service, or possibly even\nprivilege escalation. However a precise attack technique has not been\nidentified. (bsc#1154464 XSA-303)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193309-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8871f024\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-3309=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-3309=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-devel-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.10.4_08-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.10.4_08-3.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-11T04:59:51", "description": "This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-18423: A malicious guest administrator may cause a hypervisor\ncrash, resulting in a Denial of Service (DoS). (bsc#1154460).\n\nCVE-2019-18424: An untrusted domain with access to a physical device\ncan DMA into host memory, leading to privilege escalation.\n(bsc#1154461).\n\nCVE-2019-18422: A malicious ARM guest might contrive to arrange for\ncritical Xen code to run with interrupts erroneously enabled. This\ncould lead to data corruption, denial of service, or possibly even\nprivilege escalation. However a precise attack technique has not been\nidentified. (bsc#1154464)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-17T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:3310-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18422", "CVE-2019-18424", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-19579"], "modified": "2019-12-17T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2019-3310-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3310-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132092);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2019-18422\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:3310-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues :\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\nbitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest,leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nCVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-18423: A malicious guest administrator may cause a hypervisor\ncrash, resulting in a Denial of Service (DoS). (bsc#1154460).\n\nCVE-2019-18424: An untrusted domain with access to a physical device\ncan DMA into host memory, leading to privilege escalation.\n(bsc#1154461).\n\nCVE-2019-18422: A malicious ARM guest might contrive to arrange for\ncritical Xen code to run with interrupts erroneously enabled. This\ncould lead to data corruption, denial of service, or possibly even\nprivilege escalation. However a precise attack technique has not been\nidentified. (bsc#1154464)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18422/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18423/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18424/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193310-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd71c492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-3310=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-3310=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-3310=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-doc-html-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-debugsource-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.11.3_02-2.20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.11.3_02-2.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:28:42", "description": "This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest, leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19579: Fixed a privilege escalation where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nXenstored Crashed during VM install (bsc#1167152)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.8, "vector": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-18T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11739", "CVE-2019-19577", "CVE-2020-11740", "CVE-2019-19581", "CVE-2020-0543", "CVE-2019-19580", "CVE-2020-7211", "CVE-2019-19578", "CVE-2019-19583", "CVE-2020-11741", "CVE-2020-11742", "CVE-2019-19579"], "modified": "2020-06-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-1630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137624);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19583\", \"CVE-2020-0543\", \"CVE-2020-11739\", \"CVE-2020-11740\", \"CVE-2020-11741\", \"CVE-2020-11742\", \"CVE-2020-7211\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:1630-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-0543: Fixed a side channel attack against special registers\nwhich could have resulted in leaking of read values to cores other\nthan the one which called it. This attack is known as Special Register\nBuffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).\n\nCVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n(bsc#1169392).\n\nCVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues\n(bsc#1168140).\n\nCVE-2020-11739: Missing memory barriers in read-write unlock paths\n(bsc#1168142).\n\nCVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\nguest userspace code to crash the guest, leading to a guest denial of\nservice (bsc#1158004 XSA-308).\n\nCVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n(bsc#1158003 XSA-307).\n\nCVE-2019-19580: Fixed a privilege escalation where a malicious PV\nguest administrator could have been able to escalate their privilege\nto that of the host (bsc#1158006 XSA-310).\n\nCVE-2019-19579: Fixed a privilege escalation where an untrusted domain\nwith access to a physical device can DMA into host memory (bsc#1157888\nXSA-306).\n\nCVE-2019-19578: Fixed an issue where a malicious or buggy PV guest\ncould have caused hypervisor crash resulting in denial of service\naffecting the entire host (bsc#1158005 XSA-309).\n\nCVE-2019-19577: Fixed an issue where a malicious guest administrator\ncould have caused Xen to access data structures while they are being\nmodified leading to a crash (bsc#1158007 XSA-311).\n\nXenstored Crashed during VM install (bsc#1167152)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11742/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7211/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201630-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0121a5ca\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1630=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1630=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1630=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1630=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1630=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1630=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1630=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19579\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.4_06-3.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.4_06-3.62.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:25:33", "description": "This update for xen fixes the following issues :\n\nCVE-2020-7211: potential directory traversal using relative paths via\ntftp server on Windows host (bsc#1161181).\n\nCVE-2019-19579: Device quarantine for alternate pci assignment methods\n(bsc#1157888).\n\nCVE-2019-19581: find_next_bit() issues (bsc#1158003).\n\nCVE-2019-19583: VMentry failure with debug exceptions and blocked\nstates (bsc#1158004).\n\nCVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).\n\nCVE-2019-19580: Further issues with restartable PV type change\noperations (bsc#1158006).\n\nCVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).\n\nCVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).\n\nCVE-2019-18425: missing descriptor table limit checking in x86 PV\nemulation (bsc#1154456).\n\nCVE-2019-18421: Issues with restartable PV type change operations\n(bsc#1154458).\n\nCVE-2019-18424: passed through PCI devices may corrupt host memory\nafter deassignment (bsc#1154461).\n\nCVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka\nIFU issue) (bsc#1155945).\n\nCVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-07T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2019-18424", "CVE-2018-12207", "CVE-2019-19581", "CVE-2019-11135", "CVE-2019-19580", "CVE-2020-7211", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425"], "modified": "2020-02-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2020-0334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0334-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133539);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-11135\", \"CVE-2019-18420\", \"CVE-2019-18421\", \"CVE-2019-18424\", \"CVE-2019-18425\", \"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19583\", \"CVE-2020-7211\");\n script_xref(name:\"IAVB\", value:\"2019-B-0091-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for xen fixes the following issues :\n\nCVE-2020-7211: potential directory traversal using relative paths via\ntftp server on Windows host (bsc#1161181).\n\nCVE-2019-19579: Device quarantine for alternate pci assignment methods\n(bsc#1157888).\n\nCVE-2019-19581: find_next_bit() issues (bsc#1158003).\n\nCVE-2019-19583: VMentry failure with debug exceptions and blocked\nstates (bsc#1158004).\n\nCVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).\n\nCVE-2019-19580: Further issues with restartable PV type change\noperations (bsc#1158006).\n\nCVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).\n\nCVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).\n\nCVE-2019-18425: missing descriptor table limit checking in x86 PV\nemulation (bsc#1154456).\n\nCVE-2019-18421: Issues with restartable PV type change operations\n(bsc#1154458).\n\nCVE-2019-18424: passed through PCI devices may corrupt host memory\nafter deassignment (bsc#1154461).\n\nCVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka\nIFU issue) (bsc#1155945).\n\nCVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18421/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18424/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7211/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200334-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84dc9ed4\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-334=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-334=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-334=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-334=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.6_06-43.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.6_06-43.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-12-24T11:42:43", "bulletinFamily": "software", "cvelist": ["CVE-2019-14607", "CVE-2019-19577", "CVE-2019-19580", "CVE-2019-19583"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of vulnerabilities have been found in Citrix Hypervisor (formerly Citrix XenServer) that may:</p>\n<p>i. Allow the host to be compromised by privileged code in a PV guest VM,</p>\n<p>ii. allow unprivileged code in a HVM guest VM to cause that guest to crash and</p>\n<p>iii. under certain conditions, allow an HVM guest VM to cause the host to eventually run out of memory.</p>\n<p> </p>\n<p>These issues have the following identifiers:</p>\n<p>\u2022 CVE-2019-19580</p>\n<p>\u2022 CVE-2019-19583</p>\n<p>\u2022 CVE-2019-19577</p>\n<p> </p>\n<p>In addition, this hotfix contains updated microcode that addresses an issue in specific Intel CPU hardware that may allow malicious unprivileged code within a guest VM to compromise that guest VM.</p>\n<p> </p>\n<p>This issue has the following identifier:</p>\n<p>\u2022 CVE-2019-14607</p>\n<p> </p>\n<p>These issues affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.0.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers running only HVM workloads are not affected by the host compromise issue.</p>\n<p>Customers who are not running on AMD hardware, or who do not use PCI Passthrough functionality, are not affected by the memory exhaustion issue.</p>\n<p>Not all Intel CPUs are affected by the Intel CPU hardware issue. Details of which CPUs are affected can be found at: <a href=\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html\">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html</a>.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedules allow. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix Hypervisor 8.0: CTX263620 \u2013 <a href=\"https://support.citrix.com/article/CTX263620\">https://support.citrix.com/article/CTX263620</a> </p>\n<p>Citrix XenServer 7.6: CTX263619 - <a href=\"https://support.citrix.com/article/CTX263619\">https://support.citrix.com/article/CTX263619</a> </p>\n<p>Citrix XenServer 7.1 LTSR CU2: CTX263618 - <a href=\"https://support.citrix.com/article/CTX263618\">https://support.citrix.com/article/CTX263618</a> </p>\n<p>Citrix XenServer 7.0: CTX263617 - <a href=\"https://support.citrix.com/article/CTX263617\">https://support.citrix.com/article/CTX263617</a> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>11th December 2019</td>\n<td>Initial Publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2019-12-11T05:00:00", "published": "2019-12-11T05:00:00", "id": "CTX266932", "href": "https://support.citrix.com/article/CTX266932", "type": "citrix", "title": "Citrix Hypervisor Security Update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-01-14T02:24:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-19579"], "description": "This update for xen fixes the following issues:\n\n - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n (bsc#1158003 XSA-307).\n - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\n bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\n guest userspace code to crash the guest,leading to a guest denial of\n service (bsc#1158004 XSA-308).\n - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could\n have caused hypervisor crash resulting in denial of service affecting\n the entire host (bsc#1158005 XSA-309).\n - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest\n administrator could have been able to escalate their privilege to that\n of the host (bsc#1158006 XSA-310).\n - CVE-2019-19577: Fixed an issue where a malicious guest administrator\n could have caused Xen to access data structures while they are being\n modified leading to a crash (bsc#1158007 XSA-311).\n - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\n with access to a physical device can DMA into host memory (bsc#1157888\n XSA-306).\n - Fixed an issue where PCI passthrough failed on AMD machine xen host\n (bsc#1157047).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-01-14T00:12:41", "published": "2020-01-14T00:12:41", "id": "OPENSUSE-SU-2020:0011-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T16:29:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-19582", "CVE-2019-19581", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-19579"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-14T00:00:00", "id": "OPENVAS:1361412562310852977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852977", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2020:0011-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852977\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19577\", \"CVE-2019-19579\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-14 04:01:05 +0000 (Tue, 14 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2020:0011-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0011-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the openSUSE-SU-2020:0011-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes the following issues:\n\n - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm\n (bsc#1158003 XSA-307).\n\n - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to\n bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).\n\n - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH\n guest userspace code to crash the guest, leading to a guest denial of\n service (bsc#1158004 XSA-308).\n\n - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could\n have caused hypervisor crash resulting in denial of service affecting\n the entire host (bsc#1158005 XSA-309).\n\n - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest\n administrator could have been able to escalate their privilege to that\n of the host (bsc#1158006 XSA-310).\n\n - CVE-2019-19577: Fixed an issue where a malicious guest administrator\n could have caused Xen to access data structures while they are being\n modified leading to a crash (bsc#1158007 XSA-311).\n\n - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain\n with access to a physical device can DMA into host memory (bsc#1157888\n XSA-306).\n\n - Fixed an issue where PCI passthrough failed on AMD machine xen host\n (bsc#1157047).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-11=1\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit-debuginfo\", rpm:\"xen-libs-32bit-debuginfo~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.12.1_06~lp151.2.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-14T14:48:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18424", "CVE-2019-19582", "CVE-2018-12207", "CVE-2019-19581", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877281", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-6aad703290", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877281\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19577\", \"CVE-2019-19579\", \"CVE-2018-12207\", \"CVE-2019-11135\", \"CVE-2019-18420\", \"CVE-2019-18425\", \"CVE-2019-18421\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18422\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:35:24 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for xen FEDORA-2019-6aad703290\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6aad703290\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-6aad703290 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.12.1~8.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T18:32:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18424", "CVE-2019-19582", "CVE-2018-12207", "CVE-2019-19581", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425"], "description": "The remote host is missing an update for the ", "modified": "2020-01-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877391", "type": "openvas", "title": "Fedora: Security Advisory for xen (FEDORA-2020-8490989850)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877391\");\n script_version(\"2020-01-28T10:45:23+0000\");\n script_cve_id(\"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19577\", \"CVE-2019-19579\", \"CVE-2018-12207\", \"CVE-2019-11135\", \"CVE-2019-18420\", \"CVE-2019-18425\", \"CVE-2019-18421\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18422\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 10:45:23 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:25:50 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for xen (FEDORA-2020-8490989850)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-8490989850\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQYOBHGFVDEX2XIBLVUOX2MIYMMEEKUZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2020-8490989850 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.12.2~2.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-14T14:48:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2019-17350", "CVE-2018-12126", "CVE-2019-18422", "CVE-2019-18424", "CVE-2019-19582", "CVE-2018-12207", "CVE-2019-19581", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425", "CVE-2019-11091", "CVE-2019-17349", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-08T00:00:00", "id": "OPENVAS:1361412562310877102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877102", "type": "openvas", "title": "Fedora Update for xen FEDORA-2019-2e12bd3a9a", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877102\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19577\", \"CVE-2019-19579\", \"CVE-2018-12207\", \"CVE-2019-11135\", \"CVE-2019-18420\", \"CVE-2019-18425\", \"CVE-2019-18421\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18422\", \"CVE-2019-17349\", \"CVE-2019-17350\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-08 11:19:40 +0000 (Wed, 08 Jan 2020)\");\n script_name(\"Fedora Update for xen FEDORA-2019-2e12bd3a9a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2e12bd3a9a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2019-2e12bd3a9a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.3~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:32:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2019-17350", "CVE-2018-12126", "CVE-2019-18422", "CVE-2019-18424", "CVE-2019-19582", "CVE-2018-12207", "CVE-2019-19581", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425", "CVE-2019-11091", "CVE-2019-17349", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-02-04T00:00:00", "published": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310877407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877407", "type": "openvas", "title": "Fedora: Security Advisory for xen (FEDORA-2020-2d9a75fadb)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877407\");\n script_version(\"2020-02-04T12:23:30+0000\");\n script_cve_id(\"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\", \"CVE-2019-19578\", \"CVE-2019-19580\", \"CVE-2019-19577\", \"CVE-2019-19579\", \"CVE-2018-12207\", \"CVE-2019-11135\", \"CVE-2019-18420\", \"CVE-2019-18425\", \"CVE-2019-18421\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18422\", \"CVE-2019-17349\", \"CVE-2019-17350\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-11091\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-04 12:23:30 +0000 (Tue, 04 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-31 04:03:48 +0000 (Fri, 31 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for xen (FEDORA-2020-2d9a75fadb)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-2d9a75fadb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZM7VS62EPMMEV3VCH4OUOK4AOYILK2EM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2020-2d9a75fadb advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.11.3~3.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-14T14:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-17348", "CVE-2019-19577", "CVE-2019-18420", "CVE-2019-17350", "CVE-2018-12126", "CVE-2019-18422", "CVE-2019-17344", "CVE-2019-18424", "CVE-2019-17343", "CVE-2019-19582", "CVE-2019-17342", "CVE-2019-17346", "CVE-2018-12207", "CVE-2019-19581", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-17347", "CVE-2019-17341", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-17340", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425", "CVE-2019-17345", "CVE-2019-11091", "CVE-2019-17349", "CVE-2018-12130"], "description": "The remote host is missing an update for the ", "modified": "2020-01-14T00:00:00", "published": "2020-01-14T00:00:00", "id": "OPENVAS:1361412562310704602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704602", "type": "openvas", "title": "Debian Security Advisory DSA 4602-1 (xen - security update)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704602\");\n script_version(\"2020-01-14T04:00:38+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-12207\", \"CVE-2019-11091\", \"CVE-2019-11135\", \"CVE-2019-17340\", \"CVE-2019-17341\", \"CVE-2019-17342\", \"CVE-2019-17343\", \"CVE-2019-17344\", \"CVE-2019-17345\", \"CVE-2019-17346\", \"CVE-2019-17347\", \"CVE-2019-17348\", \"CVE-2019-17349\", \"CVE-2019-17350\", \"CVE-2019-18420\", \"CVE-2019-18421\", \"CVE-2019-18422\", \"CVE-2019-18423\", \"CVE-2019-18424\", \"CVE-2019-18425\", \"CVE-2019-19577\", \"CVE-2019-19578\", \"CVE-2019-19579\", \"CVE-2019-19580\", \"CVE-2019-19581\", \"CVE-2019-19582\", \"CVE-2019-19583\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-14 04:00:38 +0000 (Tue, 14 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-14 04:00:38 +0000 (Tue, 14 Jan 2020)\");\n script_name(\"Debian Security Advisory DSA 4602-1 (xen - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4602.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4602-1\");\n script_xref(name:\"URL\", value:\"https://xenbits.xen.org/xsa/advisory-305.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the DSA-4602-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, guest-to-host privilege escalation or\ninformation leaks.\n\nIn addition this update provides mitigations for the TSX Asynchronous Abort speculative side channel attack.\nPlease see the references for additional information.\");\n\n script_tag(name:\"affected\", value:\"'xen' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 4.8.5.final+shim4.10.4-1+deb9u12. Note that this will be the\nlast security update for Xen in the oldstable distribution, upstream\nsupport for the 4.8.x branch ended by the end of December 2019. If you\nrely on security support for your Xen installation an update to the\nstable distribution (buster) is recommended.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.3+24-g14b62ab3e5-1~deb10u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.5.final+shim4.10.4-1+deb9u12\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxencall1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxendevicemodel1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenevtchn1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenforeignmemory1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxengnttab1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenmisc4.11\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxentoolcore1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxentoollog1\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-doc\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-amd64\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-arm64\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.11-armhf\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-common\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.11\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.11.3+24-g14b62ab3e5-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425", "CVE-2019-19577", "CVE-2019-19578", "CVE-2019-19579", "CVE-2019-19580", "CVE-2019-19581", "CVE-2019-19582", "CVE-2019-19583"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-01-21T01:40:04", "published": "2020-01-21T01:40:04", "id": "FEDORA:5FE4A6076D31", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: xen-4.12.2-2.fc31", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425", "CVE-2019-19577", "CVE-2019-19578", "CVE-2019-19579", "CVE-2019-19580", "CVE-2019-19581", "CVE-2019-19582", "CVE-2019-19583"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2019-12-18T01:56:47", "published": "2019-12-18T01:56:47", "id": "FEDORA:07FF360D17A8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: xen-4.12.1-8.fc31", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-12207", "CVE-2019-11091", "CVE-2019-11135", "CVE-2019-17349", "CVE-2019-17350", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425", "CVE-2019-19577", "CVE-2019-19578", "CVE-2019-19579", "CVE-2019-19580", "CVE-2019-19581", "CVE-2019-19582", "CVE-2019-19583"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-01-03T20:36:27", "published": "2020-01-03T20:36:27", "id": "FEDORA:89A31604C861", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xen-4.11.3-2.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-12207", "CVE-2019-11091", "CVE-2019-11135", "CVE-2019-17349", "CVE-2019-17350", "CVE-2019-1842", "CVE-2019-18420", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425", "CVE-2019-19577", "CVE-2019-19578", "CVE-2019-19579", "CVE-2019-19580", "CVE-2019-19581", "CVE-2019-19582", "CVE-2019-19583"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2020-01-31T01:13:54", "published": "2020-01-31T01:13:54", "id": "FEDORA:308A766A87C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xen-4.11.3-3.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-03-26T16:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19577", "CVE-2019-18420", "CVE-2018-12126", "CVE-2019-18424", "CVE-2019-19582", "CVE-2018-12207", "CVE-2019-19581", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-18421", "CVE-2019-18425", "CVE-2019-11091", "CVE-2018-12130"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could potentially gain privileges on the host system or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.12.0-r1\"", "edition": 1, "modified": "2020-03-25T00:00:00", "published": "2020-03-25T00:00:00", "id": "GLSA-202003-56", "href": "https://security.gentoo.org/glsa/202003-56", "title": "Xen: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-09-12T01:07:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17348", "CVE-2019-19577", "CVE-2019-18420", "CVE-2019-17350", "CVE-2018-12126", "CVE-2019-18422", "CVE-2019-17344", "CVE-2019-18424", "CVE-2019-17343", "CVE-2019-19582", "CVE-2019-17342", "CVE-2019-17346", "CVE-2018-12207", "CVE-2019-19581", "CVE-2018-12127", "CVE-2019-11135", "CVE-2019-19580", "CVE-2019-17347", "CVE-2019-17341", "CVE-2019-19578", "CVE-2019-19583", "CVE-2019-18423", "CVE-2019-17340", "CVE-2019-18421", "CVE-2019-19579", "CVE-2019-18425", "CVE-2019-17345", "CVE-2019-11091", "CVE-2019-17349", "CVE-2018-12130"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4602-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 13, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2019-17349 CVE-2019-17350 CVE-2019-18420 CVE-2019-18421 \n CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 \n CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 \n CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 CVE-2018-12207\n CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091\n CVE-2019-11135 CVE-2019-17348 CVE-2019-17347 CVE-2019-17346\n CVE-2019-17345 CVE-2019-17344 CVE-2019-17343 CVE-2019-17342\n CVE-2019-17341 CVE-2019-17340\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, guest-to-host privilege escalation or\ninformation leaks.\n\nIn addition this update provides mitigations for the &quot;TSX Asynchronous Abort&quot;\nspeculative side channel attack. For additional information please refer to\nhttps://xenbits.xen.org/xsa/advisory-305.html\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 4.8.5.final+shim4.10.4-1+deb9u12. Note that this will be the\nlast security update for Xen in the oldstable distribution; upstream\nsupport for the 4.8.x branch ended by the end of December 2019. If you\nrely on security support for your Xen installation an update to the\nstable distribution (buster) is recommended.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.3+24-g14b62ab3e5-1~deb10u1.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2020-01-13T22:27:57", "published": "2020-01-13T22:27:57", "id": "DEBIAN:DSA-4602-1:C29F7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00005.html", "title": "[SECURITY] [DSA 4602-1] xen security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}