CVE-2019-12068 - Infinite Loop vulnerability in multiple products

CVSS 3.8 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: LOW
Tags: local, low complexity, qemu, canonical, opensuse, CWE-835, nessus

Summary

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing a script in lsi_execute_script(), the LSI SCSI adapter emulator advances the 's->dsp' index to read the next opcode. This can lead to an infinite loop if the next opcode is empty. The fix moves the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
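The loop-bound placement described in the summary, as an added illustration in C: a simplified model written for this page, not QEMU's code. The names `run_script` and `toy_state`, the opcode values, the wrap-around script memory and the harness-only `DEMO_CAP` are assumptions of the example; only the 10k bound and the "empty opcode is skipped" behaviour come from the summary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INSN 10000u    /* the "10k iterations" bound from the summary */
#define DEMO_CAP 1000000u  /* harness-only stop so the unbounded case returns */

#define OP_NOP  0x00000000u /* empty opcode: skipped, next word is fetched */
#define OP_WORK 0x00000001u /* stands in for any real instruction */
#define OP_HALT 0xffffffffu /* ends the script */

enum run_result { RUN_HALTED, RUN_LIMIT_HIT, RUN_RUNAWAY };

struct toy_state {
    uint32_t dsp;    /* index of the next opcode, as in the summary's s->dsp */
    uint64_t steps;  /* total loop iterations, for inspection only */
};

/*
 * guard_covers_noops == 0: the iteration counter is only touched after a
 *   real instruction, so a run of empty opcodes never reaches the exit.
 * guard_covers_noops == 1: the counter is checked at the top of every
 *   iteration, so empty opcodes count toward the bound as well.
 */
static enum run_result run_script(struct toy_state *s, const uint32_t *mem,
                                  size_t words, int guard_covers_noops)
{
    uint32_t insn_processed = 0;

    s->dsp = 0;
    s->steps = 0;
    for (;;) {
        if (++s->steps > DEMO_CAP)
            return RUN_RUNAWAY;          /* would spin forever without the cap */

        if (guard_covers_noops && ++insn_processed > MAX_INSN)
            return RUN_LIMIT_HIT;        /* bound applies to every fetch */

        uint32_t insn = mem[s->dsp % words]; /* script memory wraps around */
        s->dsp++;

        if (insn == OP_NOP)
            continue;                    /* empty opcode: read the next one */
        if (insn == OP_HALT)
            return RUN_HALTED;

        /* OP_WORK: a real instruction was executed */
        if (!guard_covers_noops && ++insn_processed > MAX_INSN)
            return RUN_LIMIT_HIT;        /* bound only on this path */
    }
}

/* Constructed sample scripts (not captured from any real guest). */
static const uint32_t EMPTY_SCRIPT[64] = {0};
static const uint32_t BUSY_SCRIPT[4]  = {OP_WORK, OP_WORK, OP_WORK, OP_WORK};
static const uint32_t SHORT_SCRIPT[4] = {OP_NOP, OP_NOP, OP_WORK, OP_HALT};

static enum run_result outcome(const uint32_t *mem, size_t words, int guard)
{
    struct toy_state s;
    return run_script(&s, mem, words, guard);
}

static uint64_t steps_taken(const uint32_t *mem, size_t words, int guard)
{
    struct toy_state s;
    (void)run_script(&s, mem, words, guard);
    return s.steps;
}

int main(void)
{
    static const char *names[] = {"halted", "limit hit", "runaway"};

    printf("empty script, bound after real insn only: %s\n",
           names[outcome(EMPTY_SCRIPT, 64, 0)]);
    printf("empty script, bound on every iteration:   %s after %llu steps\n",
           names[outcome(EMPTY_SCRIPT, 64, 1)],
           (unsigned long long)steps_taken(EMPTY_SCRIPT, 64, 1));
    printf("busy script, either placement:            %s / %s\n",
           names[outcome(BUSY_SCRIPT, 4, 0)], names[outcome(BUSY_SCRIPT, 4, 1)]);
    printf("short script, either placement:           %s / %s\n",
           names[outcome(SHORT_SCRIPT, 4, 0)], names[outcome(SHORT_SCRIPT, 4, 1)]);
    return 0;
}
```

Both placements stop a script made of real instructions; only the placement that counts every fetch stops a script made of empty opcodes.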

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2956-1.NASL
    description: This update for qemu fixes the following issues : Remove a backslash
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130954
    published: 2019-11-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130954
    title: SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2956-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2956-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130954);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-20126", "CVE-2019-11135", "CVE-2019-12068");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2956-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Remove a backslash '\' escape character from 80-qemu-ga.rules
    (bsc#1153358) Unlike sles 15 or newer guests, The udev rule file of
    qemu guest agent in sles 12 sp4 or newer guest only needs one escape
    character.
    
    Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
    
    Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
    bsc#1146873)
    
    Expose taa-no 'feature', indicating CPU does not have the TSX Async
    Abort vulnerability. (CVE-2019-11135 bsc#1152506)
    
    Expose pschange-mc-no 'feature', indicating CPU does not have the page
    size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
    
    Patch queue updated from
    https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://gitlab.suse.de/virtualization/qemu.git"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4f81dc69"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-2956=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-2956=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-block-rbd-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-block-rbd-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-x86-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"qemu-s390-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-curl-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-curl-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-iscsi-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-iscsi-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-ssh-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-ssh-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-debugsource-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-guest-agent-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-guest-agent-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-lang-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-tools-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-tools-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-kvm-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-block-curl-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-block-curl-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-debugsource-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-kvm-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-tools-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-tools-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-x86-2.11.2-5.23.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2510.NASL
    description: This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use-after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed : - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) - CVE-2019-11135: Expose taa-no
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131064
    published: 2019-11-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131064
    title: openSUSE Security Update : qemu (openSUSE-2019-2510)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2510.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131064);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-20126", "CVE-2019-11135", "CVE-2019-12068", "CVE-2019-14378", "CVE-2019-15890");
    
      script_name(english:"openSUSE Security Update : qemu (openSUSE-2019-2510)");
      script_summary(english:"Check for the openSUSE-2019-2510 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which
    includes 2 fixes we already carry, as well as one additional use-
    after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378
    bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively)
    
    Security issues fixed :
    
      - CVE-2019-12068: Fixed potential DOS in lsi scsi
        controller emulation (bsc#1146873)
    
      - CVE-2019-11135: Expose taa-no 'feature', indicating CPU
        does not have the TSX Async Abort vulnerability.
        (bsc#1152506)
    
      - CVE-2018-12207: Expose pschange-mc-no 'feature',
        indicating CPU does not have the page size change
        machine check vulnerability (bsc#1117665)
    
    Other issues fixed :
    
      - Change how this bug gets fixed (bsc#1144087)
    
      - Disable file locking in the Xen PV disk backend to avoid
        locking issues with PV domUs during migration. The
        issues triggered by the locking can not be properly
        handled in libxl. The locking introduced in qemu-2.10
        was removed again in qemu-4.0. (bsc#1079730,
        bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)
    
      - Feature support for vfio-ccw dasd ipl (bsc#1145379
        jira-SLE-6132)
    
      - Additional hardware instruction support for s390, also
        update qemu linux headers to 5.2-rc1 (bsc#1145436
        jira-SLE-6237)
    
    This update was imported from the SUSE:SLE-15-SP1:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145436"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145774"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1152506"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qemu packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-alsa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-oss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-oss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-pa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-pa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-sdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-audio-sdl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-gluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-nfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-nfs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ipxe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ksm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-seabios");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-sgabios");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-sdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ui-sdl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-vgabios");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-arm-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-arm-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-alsa-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-alsa-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-oss-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-oss-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-pa-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-pa-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-sdl-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-audio-sdl-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-curl-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-curl-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-dmg-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-dmg-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-gluster-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-gluster-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-iscsi-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-iscsi-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-nfs-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-nfs-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-rbd-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-rbd-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-ssh-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-block-ssh-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-debugsource-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-extra-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-extra-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-guest-agent-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-guest-agent-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ipxe-1.0.0+-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ksm-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-kvm-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-lang-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-linux-user-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-linux-user-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-linux-user-debugsource-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ppc-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ppc-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-s390-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-s390-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-seabios-1.12.0-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-sgabios-8-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-tools-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-tools-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-curses-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-curses-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-gtk-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-gtk-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-sdl-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-ui-sdl-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-vgabios-1.12.0-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-x86-3.1.1.1-lp151.7.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"qemu-x86-debuginfo-3.1.1.1-lp151.7.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-linux-user / qemu-linux-user-debuginfo / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2955-1.NASL
    description: This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use-after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed : CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) CVE-2019-11135: Expose taa-no
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130953
    published: 2019-11-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130953
    title: SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2955-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130953);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-20126", "CVE-2019-11135", "CVE-2019-12068", "CVE-2019-14378", "CVE-2019-15890");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which
    includes 2 fixes we already carry, as well as one additional use-
    after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378
    bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively)
    
    Security issues fixed :
    
    CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation
    (bsc#1146873)
    
    CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have
    the TSX Async Abort vulnerability. (bsc#1152506)
    
    CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does
    not have the page size change machine check vulnerability
    (bsc#1117665)
    
    Other issues fixed: Change how this bug gets fixed (bsc#1144087)
    
    Disable file locking in the Xen PV disk backend to avoid locking
    issues with PV domUs during migration. The issues triggered by the
    locking can not be properly handled in libxl. The locking introduced
    in qemu-2.10 was removed again in qemu-4.0. (bsc#1079730, bsc#1098403,
    bsc#1111025, bsc#1145427, bsc#1145774)
    
    Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)
    
    Additional hardware instruction support for s390, also update qemu
    linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145436"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145774"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15890/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192955-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?34dce43a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in
    -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2955=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2955=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2019-2955=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-lang-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-kvm-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-3.1.1.1-9.6.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1.1-9.6.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2753-1.NASL
    description: This update for xen to version 4.11.2 fixes the following issues : Security issues fixed : CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). Fixed an issue where libxenlight could not create new domain (bsc#1131811). Fixed an issue where attached pci devices were lost after reboot (bsc#1129642). Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130197
    published: 2019-10-24
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130197
    title: SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2753-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2753-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130197);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-12068", "CVE-2019-14378", "CVE-2019-15890", "CVE-2019-17340", "CVE-2019-17341", "CVE-2019-17342", "CVE-2019-17343", "CVE-2019-17344", "CVE-2019-17345", "CVE-2019-17346", "CVE-2019-17347", "CVE-2019-17348");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2753-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for xen to version 4.11.2 fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-15890: Fixed a use-after-free in SLiRP networking
    implementation of QEMU emulator which could have led to Denial of
    Service (bsc#1149813).
    
    CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite
    loop and denial of service (bsc#1146874).
    
    CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking
    implementation of QEMU emulator which could have led to execution of
    arbitrary code with privileges of the QEMU process (bsc#1143797).
    
    Other issues fixed: Fixed an HPS bug which did not allow to install
    Windows Server 2016 with 2 CPUs setting or above (bsc#1137717).
    
    Fixed a segmentation fault in Libvrtd during live migration to a VM
    (bsc#1145774).
    
    Fixed an issue where libxenlight could not create new domain
    (bsc#1131811).
    
    Fixed an issue where attached pci devices were lost after reboot
    (bsc#1129642).
    
    Fixed an issue where Xen could not pre-allocate 1 shadow page
    (bsc#1145240).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126141"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145774"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12127/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12130/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11091/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15890/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17341/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17343/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17344/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17345/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17347/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17348/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?91ab9f99"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-2753=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-2753=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-2753=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17346");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/24");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-debugsource-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-debuginfo-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-debugsource-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.11.2_02-2.14.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-4.11.2_02-2.14.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2954-1.NASL
    description: This update for qemu fixes the following issues : Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) Expose taa-no
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130952
    published: 2019-11-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130952
    title: SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2954-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2954-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130952);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-20126", "CVE-2019-11135", "CVE-2019-12068");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2954-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Patch queue updated from
    https://gitlab.suse.de/virtualization/qemu.git SLE15
    
    Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
    
    Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
    bsc#1146873)
    
    Expose taa-no 'feature', indicating CPU does not have the TSX Async
    Abort vulnerability. (CVE-2019-11135 bsc#1152506)
    
    Expose pschange-mc-no 'feature', indicating CPU does not have the page
    size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://gitlab.suse.de/virtualization/qemu.git"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192954-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fb12ce52"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
    patch SUSE-SLE-Module-Server-Applications-15-2019-2954=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-2954=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-2954=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-lang-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-kvm-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-2.11.2-9.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.33.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0388-1.NASL
    description: This update for xen fixes the following issues : CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304). CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described
    last seen: 2020-03-18
    modified: 2020-02-18
    plugin id: 133763
    published: 2020-02-18
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133763
    title: SUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0388-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133763);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-19965", "CVE-2019-11135", "CVE-2019-12067", "CVE-2019-12068", "CVE-2019-12155", "CVE-2019-14378", "CVE-2019-15890", "CVE-2019-17340", "CVE-2019-17341", "CVE-2019-17342", "CVE-2019-17343", "CVE-2019-17344", "CVE-2019-17347", "CVE-2019-18420", "CVE-2019-18421", "CVE-2019-18424", "CVE-2019-18425", "CVE-2019-19577", "CVE-2019-19578", "CVE-2019-19579", "CVE-2019-19580", "CVE-2019-19581", "CVE-2019-19583", "CVE-2020-7211");
    
      script_name(english:"SUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for xen fixes the following issues :
    
    CVE-2018-12207: Fixed a race condition where untrusted virtual
    machines could have been using the Instruction Fetch Unit of the Intel
    CPU to cause a Machine Exception during Page Size Change, causing the
    CPU core to be non-functional (bsc#1155945 XSA-304).
    
    CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a
    non-canonical addresses (bsc#1115045 XSA-279).
    
    CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs
    with Transactional Memory support could be used to facilitate
    side-channel information leaks out of microarchitectural buffers,
    similar to the previously described 'Microarchitectural Data Sampling'
    attack. (bsc#1152497 XSA-305).
    
    CVE-2019-12067: Fixed a NULL pointer dereference in QEMU AHCI
    (bsc#1145652).
    
    CVE-2019-12068: Fixed an infinite loop while executing script
    (bsc#1146874).
    
    CVE-2019-12155: Fixed a NULL pointer dereference while releasing spice
    resources (bsc#1135905).
    
    CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly
    in slirp networking implementation (bsc#1143797).
    
    CVE-2019-15890: Fixed a use-after-free during packet reassembly
    (bsc#1149813).
    
    CVE-2019-17340: Fixed grant table transfer issues on large hosts
    (XSA-284 bsc#1126140).
    
    CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285
    bsc#1126141).
    
    CVE-2019-17342: Fixed steal_page violating page_struct access
    discipline (XSA-287 bsc#1126192).
    
    CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288
    bsc#1126195).
    
    CVE-2019-17344: Fixed a missing preemption in x86 PV page table
    unvalidation (XSA-290 bsc#1126196).
    
    CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293
    bsc#1126201).
    
    CVE-2019-18420: Fixed a hypervisor crash that could be caused by
    malicious x86 PV guests, resulting in a denial of service (bsc#1154448
    XSA-296).
    
    CVE-2019-18421: Fixed a privilege escalation through malicious PV
    guest administrators (bsc#1154458 XSA-299).
    
    CVE-2019-18424: Fixed a privilege escalation through DMA to physical
    devices by untrusted domains (bsc#1154461 XSA-302).
    
    CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used
    mode (bsc#1154456 XSA-298).
    
    CVE-2019-19577: Fixed an issue where a malicious guest administrator
    could have caused Xen to access data structures while they are being
    modified leading to a crash (bsc#1158007 XSA-311).
    
    CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest
    could have caused hypervisor crash resulting in denial of service
    affecting the entire host (bsc#1158005 XSA-309).
    
    CVE-2019-19579: Fixed a privilege escalation where an untrusted domain
    with access to a physical device can DMA into host memory (bsc#1157888
    XSA-306).
    
    CVE-2019-19580: Fixed a privilege escalation where a malicious PV
    guest administrator could have been able to escalate their privilege
    to that of the host (bsc#1158006 XSA-310).
    
    CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm
    (bsc#1158003 XSA-307).
    
    CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH
    guest userspace code to crash the guest, leading to a guest denial of
    service (bsc#1158004 XSA-308).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1115045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126141"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1161181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-19965/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12067/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15890/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17341/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17343/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17344/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17347/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18420/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18421/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18424/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18425/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19577/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19578/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19579/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19580/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19581/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19583/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-7211/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200388-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?87d2932e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2020-388=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2020-388=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-debugsource-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-32bit-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.5.5_28-22.64.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.5.5_28-22.64.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2769-1.NASL
    description: This update for xen fixes the following issues : Security issues fixed : CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issue fixed: Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130253
    published: 2019-10-25
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130253
    title: SUSE SLES12 Security Update : xen (SUSE-SU-2019:2769-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2769-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130253);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-12068", "CVE-2019-14378", "CVE-2019-15890", "CVE-2019-17340", "CVE-2019-17341", "CVE-2019-17342", "CVE-2019-17343", "CVE-2019-17344", "CVE-2019-17345", "CVE-2019-17346", "CVE-2019-17347", "CVE-2019-17348");
    
      script_name(english:"SUSE SLES12 Security Update : xen (SUSE-SU-2019:2769-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for xen fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-15890: Fixed a use-after-free in SLiRP networking
    implementation of QEMU emulator which could have led to Denial of
    Service (bsc#1149813).
    
    CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite
    loop and denial of service (bsc#1146874).
    
    CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking
    implementation of QEMU emulator which could have led to execution of
    arbitrary code with privileges of the QEMU process (bsc#1143797).
    
    Other issue fixed: Fixed an issue where libxenlight could not restore
    domain vsa6535522 on live migration (bsc#1133818).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126141"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12127/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12130/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11091/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15890/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17341/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17342/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17343/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17344/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17345/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17346/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17347/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17348/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c50006b3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-2769=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-2769=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-2769=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-2769=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-2769=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-2769=1
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-2769=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17346");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-debugsource-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-doc-html-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-32bit-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-debuginfo-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-debuginfo-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-domU-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-debugsource-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-doc-html-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-32bit-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-libs-debuginfo-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-debuginfo-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-domU-4.9.4_04-3.56.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.9.4_04-3.56.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4191-1.NASL
    description: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Worner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a NULL pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131017
    published: 2019-11-14
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131017
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : qemu vulnerabilities (USN-4191-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4191-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131017);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2019-12068", "CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-15890");
      script_xref(name:"USN", value:"4191-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : qemu vulnerabilities (USN-4191-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the LSI SCSI adapter emulator implementation in
    QEMU did not properly validate executed scripts. A local attacker
    could use this to cause a denial of service. (CVE-2019-12068)
    
    Sergej Schumilo, Cornelius Aschermann and Simon Worner discovered
    that the qxl paravirtual graphics driver implementation in QEMU
    contained a NULL pointer dereference. A local attacker in a guest
    could use this to cause a denial of service. (CVE-2019-12155)
    
    Riccardo Schirone discovered that the QEMU bridge helper did not
    properly validate network interface names. A local attacker could
    possibly use this to bypass ACL restrictions. (CVE-2019-13164)
    
    It was discovered that a heap-based buffer overflow existed in the
    SLiRP networking implementation of QEMU. A local attacker in a guest
    could use this to cause a denial of service or possibly execute
    arbitrary code in the host. (CVE-2019-14378)
    
    It was discovered that a use-after-free vulnerability existed in the
    SLiRP networking implementation of QEMU. A local attacker in a guest
    could use this to cause a denial of service. (CVE-2019-15890).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4191-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-user-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"qemu", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"qemu-kvm", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"qemu-system-common", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"qemu-system-x86", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"qemu-user-static", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"qemu-utils", pkgver:"1:2.5+dfsg-5ubuntu10.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu-kvm", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu-system-common", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu-system-x86", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu-user-static", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"qemu-utils", pkgver:"1:2.11+dfsg-1ubuntu7.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-kvm", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-system-common", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-system-gui", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-system-x86", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-user-static", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"qemu-utils", pkgver:"1:3.1+dfsg-2ubuntu3.6")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-kvm", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-system-common", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-system-gui", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-system-x86", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-user-static", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"qemu-utils", pkgver:"1:4.0+dfsg-0ubuntu9.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu / qemu-kvm / qemu-system-common / qemu-system-gui / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4665.NASL
    description: Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
    last seen: 2020-05-06
    modified: 2020-04-29
    plugin id: 136069
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136069
    title: Debian DSA-4665-1 : qemu - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1927.NASL
    description: Several vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization).
      - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
      - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
      - CVE-2017-9375: QEMU, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
      - CVE-2019-12068: QEMU scsi disk backend: lsi: exit infinite loop while executing script
      - CVE-2019-12155: interface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference.
      - CVE-2019-13164: qemu-bridge-helper.c in QEMU does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
      - CVE-2019-14378: ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
      - CVE-2019-15890: libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in ip_input.c.
      For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129105
    published: 2019-09-23
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129105
    title: Debian DLA-1927-1 : qemu security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2783-1.NASL
    description: This update for xen fixes the following issues :
      - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
      - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
      - CVE-2019-14378: Fixed a heap buffer overflow in SLiRP networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130343
    published: 2019-10-28
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130343
    title: SUSE SLES12 Security Update : xen (SUSE-SU-2019:2783-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2505.NASL
    description: This update for qemu fixes the following issues :
      - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
      - Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
      - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
      - Expose taa-no
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131059
    published: 2019-11-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131059
    title: openSUSE Security Update : qemu (openSUSE-2019-2505)