Vulnerabilities > CVE-2019-12155 - NULL Pointer Dereference vulnerability in Qemu 4.0.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
qemu
CWE-476
nessus

Summary

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Vulnerable Configurations

Part Description Count
Application
Qemu
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2192-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) Add SnowRidge-Server vcpu model (jsc#SLE-4883) Add in documentation about md-clear feature (bsc#1138534) Fix SEV issue where older machine type is not processed correctly (bsc#1144087) Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) Ignore csske for expanding the cpu model (bsc#1136540) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128074
    published2019-08-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128074
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2192-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128074);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-5008");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-14378: Security fix for heap overflow in ip_reass on big
    packet input (bsc#1143794).
    
    CVE-2019-12155: Security fix for NULL pointer dereference while
    releasing spice resources (bsc#1135902).
    
    CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be
    bypassed when names are too long (bsc#1140402).
    
    CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual
    machine possible through guest device driver (bsc#1133031).
    
    Bug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu
    model to now be simply Snowridge (jsc#SLE-4883)
    
    Add SnowRidge-Server vcpu model (jsc#SLE-4883)
    
    Add in documentation about md-clear feature (bsc#1138534)
    
    Fix SEV issue where older machine type is not processed correctly
    (bsc#1144087)
    
    Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)
    
    Further refine arch-capabilities handling to help with security and
    performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)
    
    Add support for one more security/performance related vcpu feature
    (bsc#1136778) (fate#327796)
    
    Ignore csske for expanding the cpu model (bsc#1136540)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13164/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5008/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192192-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e13d510"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in
    -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2192=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2192=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2019-2192=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-lang-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-kvm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-testsuite-3.1.1-9.3.4")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-testsuite-3.1.1-9.3.4")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1-9.3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2227.NASL
    descriptionAccording to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.(CVE-2019-6778) - The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.(CVE-2015-7549) - The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.(CVE-2016-2841) - Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.(CVE-2017-9374) - Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).(CVE-2017-18043) - Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.(CVE-2017-5579) - The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.(CVE-2015-4037) - The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.(CVE-2016-7908) - hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.(CVE-2013-4544) - Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.(CVE-2016-2538) - Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.(CVE-2018-10839) - Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.(CVE-2017-9373) - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.(CVE-2019-9824) - QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.(CVE-2017-9503) - Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.(CVE-2013-4526) - Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.(CVE-2013-4530) - Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.(CVE-2013-4539) - Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.(CVE-2013-4540) - The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.(CVE-2017-5987) - Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12126) - Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12127) - Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12130) - Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2019-11091) - interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.(CVE-2019-12155) - Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.(CVE-2016-7161) - Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.(CVE-2015-5279) - The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.(CVE-2017-5667) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130689
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130689
    titleEulerOS 2.0 SP5 : qemu-kvm (EulerOS-SA-2019-2227)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130689);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2013-4526",
        "CVE-2013-4530",
        "CVE-2013-4539",
        "CVE-2013-4540",
        "CVE-2013-4544",
        "CVE-2015-4037",
        "CVE-2015-5279",
        "CVE-2015-7549",
        "CVE-2016-2538",
        "CVE-2016-2841",
        "CVE-2016-7161",
        "CVE-2016-7908",
        "CVE-2017-18043",
        "CVE-2017-5579",
        "CVE-2017-5667",
        "CVE-2017-5987",
        "CVE-2017-9373",
        "CVE-2017-9374",
        "CVE-2017-9503",
        "CVE-2018-10839",
        "CVE-2018-12126",
        "CVE-2018-12127",
        "CVE-2018-12130",
        "CVE-2019-11091",
        "CVE-2019-12155",
        "CVE-2019-6778",
        "CVE-2019-9824"
      );
      script_bugtraq_id(
        66955,
        67483,
        74809
      );
    
      script_name(english:"EulerOS 2.0 SP5 : qemu-kvm (EulerOS-SA-2019-2227)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the qemu-kvm packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a
        heap-based buffer overflow.(CVE-2019-6778)
    
      - The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka
        Quick Emulator) allows local guest OS privileged users
        to cause a denial of service (NULL pointer dereference
        and QEMU process crash) by leveraging failure to define
        the .write method.(CVE-2015-7549)
    
      - The ne2000_receive function in the NE2000 NIC emulation
        support (hw/net/ne2000.c) in QEMU before 2.5.1 allows
        local guest OS administrators to cause a denial of
        service (infinite loop and QEMU process crash) via
        crafted values for the PSTART and PSTOP registers,
        involving ring buffer control.(CVE-2016-2841)
    
      - Memory leak in QEMU (aka Quick Emulator), when built
        with USB EHCI Emulation support, allows local guest OS
        privileged users to cause a denial of service (memory
        consumption) by repeatedly hot-unplugging the
        device.(CVE-2017-9374)
    
      - Integer overflow in the macro ROUND_UP (n, d) in Quick
        Emulator (Qemu) allows a user to cause a denial of
        service (Qemu process crash).(CVE-2017-18043)
    
      - Memory leak in the serial_exit_core function in
        hw/char/serial.c in QEMU (aka Quick Emulator) allows
        local guest OS privileged users to cause a denial of
        service (host memory consumption and QEMU process
        crash) via a large number of device unplug
        operations.(CVE-2017-5579)
    
      - The slirp_smb function in net/slirp.c in QEMU 2.3.0 and
        earlier creates temporary files with predictable names,
        which allows local users to cause a denial of service
        (instantiation failure) by creating /tmp/qemu-smb.*-*
        files before the program.(CVE-2015-4037)
    
      - The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU
        (aka Quick Emulator) does not properly limit the buffer
        descriptor count when transmitting packets, which
        allows local guest OS administrators to cause a denial
        of service (infinite loop and QEMU process crash) via
        vectors involving a buffer descriptor with a length of
        0 and crafted values in bd.flags.(CVE-2016-7908)
    
      - hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier
        allows local guest users to cause a denial of service
        or possibly execute arbitrary code via vectors related
        to (1) RX or (2) TX queue numbers or (3) interrupt
        indices. NOTE: some of these details are obtained from
        third party information.(CVE-2013-4544)
    
      - Multiple integer overflows in the USB Net device
        emulator (hw/usb/dev-network.c) in QEMU before 2.5.1
        allow local guest OS administrators to cause a denial
        of service (QEMU process crash) or obtain sensitive
        host memory information via a remote NDIS control
        message packet that is mishandled in the (1)
        rndis_query_response, (2) rndis_set_response, or (3)
        usb_net_handle_dataout function.(CVE-2016-2538)
    
      - Qemu emulator <= 3.0.0 built with the NE2000 NIC
        emulation support is vulnerable to an integer overflow,
        which could lead to buffer overflow issue. It could
        occur when receiving packets over the network. A user
        inside guest could use this flaw to crash the Qemu
        process resulting in DoS.(CVE-2018-10839)
    
      - Memory leak in QEMU (aka Quick Emulator), when built
        with IDE AHCI Emulation support, allows local guest OS
        privileged users to cause a denial of service (memory
        consumption) by repeatedly hot-unplugging the AHCI
        device.(CVE-2017-9373)
    
      - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c)
        in QEMU 3.0.0 uses uninitialized data in an snprintf
        call, leading to Information disclosure.(CVE-2019-9824)
    
      - QEMU (aka Quick Emulator), when built with MegaRAID SAS
        8708EM2 Host Bus Adapter emulation support, allows
        local guest OS privileged users to cause a denial of
        service (NULL pointer dereference and QEMU process
        crash) via vectors involving megasas command
        processing.(CVE-2017-9503)
    
      - Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2
        allows remote attackers to cause a denial of service
        and possibly execute arbitrary code via vectors related
        to migrating ports.(CVE-2013-4526)
    
      - Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2
        allows remote attackers to cause a denial of service or
        possibly execute arbitrary code via crafted
        tx_fifo_head and rx_fifo_head values in a savevm
        image.(CVE-2013-4530)
    
      - Multiple buffer overflows in the tsc210x_load function
        in hw/input/tsc210x.c in QEMU before 1.7.2 might allow
        remote attackers to execute arbitrary code via a
        crafted (1) precision, (2) nextprecision, (3) function,
        or (4) nextfunction value in a savevm
        image.(CVE-2013-4539)
    
      - Buffer overflow in scoop_gpio_handler_update in QEMU
        before 1.7.2 might allow remote attackers to execute
        arbitrary code via a large (1) prev_level, (2)
        gpio_level, or (3) gpio_dir value in a savevm
        image.(CVE-2013-4540)
    
      - The sdhci_sdma_transfer_multi_blocks function in
        hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local
        OS guest privileged users to cause a denial of service
        (infinite loop and QEMU process crash) via vectors
        involving the transfer mode register during multi block
        transfer.(CVE-2017-5987)
    
      - Microarchitectural Store Buffer Data Sampling (MSBDS):
        Store buffers on some microprocessors utilizing
        speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side
        channel with local access. A list of impacted products
        can be found here:
        https://www.intel.com/content/dam/www/public/us/en/docu
        ments/corporate-information/SA00233-microcode-update-gu
        idance_05132019.pdf(CVE-2018-12126)
    
      - Microarchitectural Load Port Data Sampling (MLPDS):
        Load ports on some microprocessors utilizing
        speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side
        channel with local access. A list of impacted products
        can be found here:
        https://www.intel.com/content/dam/www/public/us/en/docu
        ments/corporate-information/SA00233-microcode-update-gu
        idance_05132019.pdf(CVE-2018-12127)
    
      - Microarchitectural Fill Buffer Data Sampling (MFBDS):
        Fill buffers on some microprocessors utilizing
        speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side
        channel with local access. A list of impacted products
        can be found here:
        https://www.intel.com/content/dam/www/public/us/en/docu
        ments/corporate-information/SA00233-microcode-update-gu
        idance_05132019.pdf(CVE-2018-12130)
    
      - Microarchitectural Data Sampling Uncacheable Memory
        (MDSUM): Uncacheable memory on some microprocessors
        utilizing speculative execution may allow an
        authenticated user to potentially enable information
        disclosure via a side channel with local access. A list
        of impacted products can be found here:
        https://www.intel.com/content/dam/www/public/us/en/docu
        ments/corporate-information/SA00233-microcode-update-gu
        idance_05132019.pdf(CVE-2019-11091)
    
      - interface_release_resource in hw/display/qxl.c in QEMU
        4.0.0 has a NULL pointer dereference.(CVE-2019-12155)
    
      - Heap-based buffer overflow in the .receive callback of
        xlnx.xps-ethernetlite in QEMU (aka Quick Emulator)
        allows attackers to execute arbitrary code on the QEMU
        host via a large ethlite packet.(CVE-2016-7161)
    
      - Heap-based buffer overflow in the ne2000_receive
        function in hw/net/ne2000.c in QEMU before 2.4.0.1
        allows guest OS users to cause a denial of service
        (instance crash) or possibly execute arbitrary code via
        vectors related to receiving packets.(CVE-2015-5279)
    
      - The sdhci_sdma_transfer_multi_blocks function in
        hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local
        guest OS privileged users to cause a denial of service
        (out-of-bounds heap access and crash) or execute
        arbitrary code on the QEMU host via vectors involving
        the data transfer length.(CVE-2017-5667)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2227
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?95b359a0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected qemu-kvm packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-img");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["qemu-img-1.5.3-156.5.h14.eulerosv2r7",
            "qemu-kvm-1.5.3-156.5.h14.eulerosv2r7",
            "qemu-kvm-common-1.5.3-156.5.h14.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1216.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1216 advisory. - QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155) - QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-31
    plugin id135033
    published2020-03-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135033
    titleRHEL 7 : qemu-kvm-rhev (RHSA-2020:1216)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1216. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135033);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/20");
    
      script_cve_id("CVE-2019-12155", "CVE-2019-14378", "CVE-2020-1711");
      script_bugtraq_id(108429);
      script_xref(name:"RHSA", value:"2020:1216");
    
      script_name(english:"RHEL 7 : qemu-kvm-rhev (RHSA-2020:1216)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1216 advisory.
    
      - QEMU: qxl: null pointer dereference while releasing
        spice resources (CVE-2019-12155)
    
      - QEMU: slirp: heap buffer overflow during packet
        reassembly (CVE-2019-14378)
    
      - QEMU: block: iscsi: OOB heap access via an unexpected
        response of iSCSI Server (CVE-2020-1711)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1216");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-12155");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14378");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1711");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1648622");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1665256");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1711643");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1721522");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1724048");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1734502");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1743365");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1746224");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1764120");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1775251");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14378");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(122, 476);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhev_manager:4.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::hypervisor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'qemu-img-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-common-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-tools-rhev-2.12.0-44.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'10'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc');
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-E9DE40D53F.NASL
    description - CVE-2019-12155: qxl: NULL pointer dereference while releasing spice resources (bz #1712727, bz #1712670) - CVE-2019-5008: NULL pointer dereference in hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz #1705915) - CVE-2018-20815: device_tree: heap buffer overflow while loading device tree blob (bz #1693117, bz #1693101) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126533
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126533
    titleFedora 29 : 2:qemu (2019-e9de40d53f)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-e9de40d53f.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126533);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2018-20815", "CVE-2019-12155", "CVE-2019-5008");
      script_xref(name:"FEDORA", value:"2019-e9de40d53f");
    
      script_name(english:"Fedora 29 : 2:qemu (2019-e9de40d53f)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - CVE-2019-12155: qxl: NULL pointer dereference while
        releasing spice resources (bz #1712727, bz #1712670)
    
      - CVE-2019-5008: NULL pointer dereference in
        hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz
        #1705915)
    
      - CVE-2018-20815: device_tree: heap buffer overflow while
        loading device tree blob (bz #1693117, bz #1693101)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9de40d53f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:qemu package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"qemu-3.0.1-4.fc29", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:qemu");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2246-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). Ignore csske for expanding the cpu model (bsc#1136540) Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128318
    published2019-08-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128318
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2246-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128318);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-14378: Security fix for heap overflow in ip_reass on big
    packet input (bsc#1143794).
    
    CVE-2019-12155: Security fix for NULL pointer dereference while
    releasing spice resources (bsc#1135902).
    
    CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be
    bypassed when names are too long (bsc#1140402).
    
    Bug fixes and enhancements: Add vcpu features needed for
    Cascadelake-Server, Icelake-Client and Icelake-Server, especially the
    foundational arch-capabilities to help with security and performance
    on Intel hosts (bsc#1134883) (fate#327764)
    
    Add support for one more security/performance related vcpu feature
    (bsc#1136778) (fate#327796)
    
    Disable file locking in the Xen PV disk backend to avoid locking
    issues with PV domUs during migration. The issues triggered by the
    locking can not be properly handled in libxl. The locking introduced
    in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403,
    bsc#1111025).
    
    Ignore csske for expanding the cpu model (bsc#1136540)
    
    Fix vm migration is failing with input/output error when nfs server is
    disconnected (bsc#1119115)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13164/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192246-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?901c6416"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
    patch SUSE-SLE-Module-Server-Applications-15-2019-2246=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-2246=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-2246=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-lang-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-kvm-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.28.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4454.NASL
    descriptionMultiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update shipped in DSA 4447 to x86-based guests.
    last seen2020-06-01
    modified2020-06-02
    plugin id125609
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125609
    titleDebian DSA-4454-1 : qemu - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4454. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125609);
      script_version("1.2");
      script_cvs_date("Date: 2019/06/04  9:45:00");
    
      script_cve_id("CVE-2018-11806", "CVE-2018-12617", "CVE-2018-16872", "CVE-2018-17958", "CVE-2018-18849", "CVE-2018-18954", "CVE-2018-19364", "CVE-2018-19489", "CVE-2019-12155", "CVE-2019-3812", "CVE-2019-6778", "CVE-2019-9824");
      script_xref(name:"DSA", value:"4454");
    
      script_name(english:"Debian DSA-4454-1 : qemu - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in QEMU, a fast processor
    emulator, which could result in denial of service, the execution of
    arbitrary code or information disclosure.
    
    In addition this update backports support to passthrough the new
    md-clear CPU flag added in the intel-microcode update shipped in DSA
    4447 to x86-based guests."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4454"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qemu packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 1:2.8+dfsg-6+deb9u6."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"qemu", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-block-extra", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-guest-agent", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-kvm", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-arm", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-common", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-mips", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-misc", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-ppc", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-sparc", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-x86", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user-binfmt", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user-static", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-utils", reference:"1:2.8+dfsg-6+deb9u6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0211_QEMU-KVM.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (CVE-2018-11806) - Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. (CVE-2018-10839) - Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. (CVE-2018-17962) - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap- based buffer overflow. (CVE-2019-6778) - interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. (CVE-2019-12155) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131771
    published2019-12-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131771
    titleNewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0211)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0211. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131771);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      script_cve_id(
        "CVE-2018-10839",
        "CVE-2018-11806",
        "CVE-2018-17962",
        "CVE-2019-6778",
        "CVE-2019-12155"
      );
      script_bugtraq_id(106758, 108429);
    
      script_name(english:"NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0211)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple
    vulnerabilities:
    
      - m_cat in slirp/mbuf.c in Qemu has a heap-based buffer
        overflow via incoming fragmented datagrams.
        (CVE-2018-11806)
    
      - Qemu emulator <= 3.0.0 built with the NE2000 NIC
        emulation support is vulnerable to an integer overflow,
        which could lead to buffer overflow issue. It could
        occur when receiving packets over the network. A user
        inside guest could use this flaw to crash the Qemu
        process resulting in DoS. (CVE-2018-10839)
    
      - Qemu has a Buffer Overflow in pcnet_receive in
        hw/net/pcnet.c because an incorrect integer data type is
        used. (CVE-2018-17962)
    
      - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-
        based buffer overflow. (CVE-2019-6778)
    
      - interface_release_resource in hw/display/qxl.c in QEMU
        4.0.0 has a NULL pointer dereference. (CVE-2019-12155)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0211");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL qemu-kvm packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11806");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.06")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.06": [
        "qemu-guest-agent-0.12.1.2-2.506.el6_10.5",
        "qemu-img-0.12.1.2-2.506.el6_10.5",
        "qemu-kvm-0.12.1.2-2.506.el6_10.5",
        "qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.5",
        "qemu-kvm-tools-0.12.1.2-2.506.el6_10.5"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2221-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128301
    published2019-08-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128301
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2019:2221-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2892.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129473
    published2019-10-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129473
    titleCentOS 6 : qemu-kvm (CESA-2019:2892)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2041.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements : - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) - Add SnowRidge-Server vcpu model (jsc#SLE-4883) - Add in documentation about md-clear feature (bsc#1138534) - Fix SEV issue where older machine type is not processed correctly (bsc#1144087) - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Ignore csske for expanding the cpu model (bsc#1136540) This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128457
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128457
    titleopenSUSE Security Update : qemu (openSUSE-2019-2041)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2059.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements : - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136540) - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128465
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128465
    titleopenSUSE Security Update : qemu (openSUSE-2019-2059)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0045.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - kvm-slirp-fix-big-little-endian-conversion-in-ident-prot .patch - kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t .patch - kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669066] - kvm-qxl-check-release-info-object.patch [bz#1712728] - kvm-net-Use-iov-helper-functions.patch [bz#1636415] - kvm-net-increase-buffer-size-to-accommodate-Jumbo-frame- .patch - kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636415] - kvm-net-drop-too-large-packet-early.patch [bz#1636415] - kvm-PATCH-slirp-fix-buffer-overrun.patch [bz#1586251] - kvm-Fix-build-from-previous-commit.patch [bz#1586251] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586251] - kvm-slirp-Convert-mbufs-to-use-g_malloc-and-g_free.patch [bz#1586251] - kvm-slirp-correct-size-computation-while-concatenating-m .patch - kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636774] - Resolves: bz#1586251 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-6.10.z]) - Resolves: bz#1636415 (CVE-2018-10839 qemu-kvm: Qemu: ne2000: integer overflow leads to buffer overflow issue [rhel-6]) - Resolves: bz#1636774 (CVE-2018-17962 qemu-kvm: Qemu: pcnet: integer overflow leads to buffer overflow [rhel-6]) - Resolves: bz#1669066 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu [rhel-6.10.z]) - Resolves: bz#1712728 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-6])
    last seen2020-06-01
    modified2020-06-02
    plugin id129370
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129370
    titleOracleVM 3.4 : qemu-kvm (OVMSA-2019-0045)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2607.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129022
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129022
    titleCentOS 7 : qemu-kvm (CESA-2019:2607)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3179.NASL
    descriptionAn update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * ccid: Fix incorrect dwProtocol advertisement of T=0 (BZ#1729880) * QEMU gets stuck on resume/cont call from libvirt (BZ#1741937) * [v2v] Migration performance regression (BZ#1743322) * qemu, qemu-img fail to detect alignment with XFS and Gluster/XFS on 4k block device (BZ#1745443) * qemu-kvm: backport cpuidle-haltpoll support (BZ#1746282) * qemu aborts in blockCommit: qemu-kvm: block.c:3486 (BZ#1750322)
    last seen2020-06-01
    modified2020-06-02
    plugin id130188
    published2019-10-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130188
    titleRHEL 7 : Virtualization Manager (RHSA-2019:3179)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0019_QEMU-KVM.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (CVE-2018-11806) - Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. (CVE-2018-10839) - Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. (CVE-2018-17962) - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap- based buffer overflow. (CVE-2019-6778) - interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. (CVE-2019-12155) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-03-08
    plugin id134319
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134319
    titleNewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0019)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2607.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128497
    published2019-09-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128497
    titleRHEL 7 : qemu-kvm (RHSA-2019:2607)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2353-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764). Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795). Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). Ignore csske for expanding the cpu model (bsc#1136528). Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128753
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128753
    titleSUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2353-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3345.NASL
    descriptionAn update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es) : * ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755) * QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-23
    modified2019-11-06
    plugin id130529
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130529
    titleRHEL 8 : virt:rhel (RHSA-2019:3345)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0388-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304). CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-03-18
    modified2020-02-18
    plugin id133763
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133763
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190903_QEMU_KVM_ON_SL7_X.NASL
    descriptionSecurity Fix(es):&#13; &#13; - QEMU: qxl: NULL pointer dereference while releasing spice resources&#13; (CVE-2019-12155)&#13; --&#13;
    last seen2020-03-18
    modified2019-09-04
    plugin id128502
    published2019-09-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128502
    titleScientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190903)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2892.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129332
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129332
    titleRHEL 6 : qemu-kvm (RHSA-2019:2892)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4191-1.NASL
    descriptionIt was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Worner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a NULL pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131017
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131017
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : qemu vulnerabilities (USN-4191-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1248.NASL
    descriptionA heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. (CVE-2018-20815) hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. (CVE-2019-5008) Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)
    last seen2020-06-01
    modified2020-06-02
    plugin id126960
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126960
    titleAmazon Linux 2 : qemu (ALAS-2019-1248)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1927.NASL
    descriptionSeveral vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). CVE-2016-5126 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVE-2017-9375 QEMU, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. CVE-2019-12068 QEMU scsi disk backend: lsi: exit infinite loop while executing script CVE-2019-12155 interface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference. CVE-2019-13164 qemu-bridge-helper.c in QEMU does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. CVE-2019-14378 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-15890 libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in ip_input.c. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id129105
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129105
    titleDebian DLA-1927-1 : qemu security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2607.NASL
    descriptionFrom Red Hat Security Advisory 2019:2607 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128514
    published2019-09-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128514
    titleOracle Linux 7 : qemu-kvm (ELSA-2019-2607)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2892.NASL
    descriptionFrom Red Hat Security Advisory 2019:2892 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) * QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) * QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) * QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) * QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129329
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129329
    titleOracle Linux 6 : qemu-kvm (ELSA-2019-2892)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2157-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128609
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128609
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2019:2157-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-52A8F5468E.NASL
    description - CVE-2019-12155: qxl: NULL pointer dereference while releasing spice resources (bz #1712727, bz #1712670) - CVE-2019-5008: NULL pointer dereference in hw/sparc64/sun4u.c leading to DoS (bz #1705916, bz #1705915) - CVE-2018-20815: device_tree: heap buffer overflow while loading device tree blob (bz #1693117, bz #1693101) - CVE-2019-9824: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (bz #1689794, bz #1678515) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126530
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126530
    titleFedora 30 : 2:qemu (2019-52a8f5468e)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4713.NASL
    descriptionDescription of changes: [15:3.1.0-5.el7] - Only enable the halt poll control MSR if it is supported by the host (Mark Kanda) [Orabug: 29946722] [15:3.1.0-4.el7] - kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278] - Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524} - pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123} - qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155} - target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrang&eacute ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676] - hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676] - optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676] - hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676] - qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676] - optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676] - linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676] - linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676] - pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676] - pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676] - pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676] - elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676] - elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]
    last seen2020-06-01
    modified2020-06-02
    plugin id126673
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126673
    titleOracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190924_QEMU_KVM_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806) - QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778) - QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839) - QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962) - QEMU: qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)
    last seen2020-03-18
    modified2019-09-25
    plugin id129334
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129334
    titleScientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20190924)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2255.NASL
    descriptionAccording to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.(CVE-2019-9824) - interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.(CVE-2019-12155) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130717
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130717
    titleEulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)

Redhat

advisories
  • bugzilla
    id1712670
    titleCVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentqemu-kvm-tools is earlier than 10:1.5.3-167.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192607001
          • commentqemu-kvm-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345002
        • AND
          • commentqemu-kvm-common is earlier than 10:1.5.3-167.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192607003
          • commentqemu-kvm-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140704004
        • AND
          • commentqemu-kvm is earlier than 10:1.5.3-167.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192607005
          • commentqemu-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345004
        • AND
          • commentqemu-img is earlier than 10:1.5.3-167.el7_7.1
            ovaloval:com.redhat.rhsa:tst:20192607007
          • commentqemu-img is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345006
    rhsa
    idRHSA-2019:2607
    released2019-09-04
    severityLow
    titleRHSA-2019:2607: qemu-kvm security update (Low)
  • rhsa
    idRHBA-2019:3723
  • rhsa
    idRHSA-2019:2892
  • rhsa
    idRHSA-2019:3179
  • rhsa
    idRHSA-2019:3345
  • rhsa
    idRHSA-2019:3742
  • rhsa
    idRHSA-2019:3787
  • rhsa
    idRHSA-2019:4344
rpms
  • SLOF-0:20190703-1.gitba1ab360.module+el8.1.0+3730+7d905127
  • hivex-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • hivex-debuginfo-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • hivex-debugsource-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • hivex-devel-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • libguestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-bash-completion-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-benchmarking-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-benchmarking-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-debugsource-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-devel-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-gfs2-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-gobject-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-gobject-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-gobject-devel-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-inspect-icons-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-java-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-java-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-java-devel-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-javadoc-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-man-pages-ja-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-man-pages-uk-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-rescue-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-rsync-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-tools-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-tools-c-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-tools-c-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libguestfs-winsupport-0:8.0-4.module+el8.1.0+3554+1a3a94a6
  • libguestfs-xfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • libiscsi-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libiscsi-debuginfo-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libiscsi-debugsource-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libiscsi-devel-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libiscsi-utils-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libiscsi-utils-debuginfo-0:1.18.0-8.module+el8.1.0+3554+1a3a94a6
  • libtpms-0:0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2
  • libtpms-debuginfo-0:0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2
  • libtpms-debugsource-0:0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2
  • libtpms-devel-0:0.6.1-0.20190121git9dc915572b.module+el8.1.0+3523+b348b848.2
  • libvirt-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-admin-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-admin-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-bash-completion-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-client-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-client-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-config-network-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-config-nwfilter-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-interface-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-interface-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-network-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-network-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-nodedev-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-nodedev-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-nwfilter-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-nwfilter-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-qemu-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-qemu-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-secret-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-secret-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-core-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-core-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-disk-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-disk-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-gluster-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-gluster-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-iscsi-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-iscsi-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-iscsi-direct-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-iscsi-direct-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-logical-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-logical-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-mpath-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-mpath-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-rbd-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-rbd-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-scsi-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-driver-storage-scsi-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-daemon-kvm-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-dbus-0:1.3.0-2.module+el8.1.0+3554+1a3a94a6
  • libvirt-dbus-debuginfo-0:1.3.0-2.module+el8.1.0+3554+1a3a94a6
  • libvirt-dbus-debugsource-0:1.3.0-2.module+el8.1.0+3554+1a3a94a6
  • libvirt-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-debugsource-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-devel-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-docs-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-libs-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-libs-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-lock-sanlock-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-lock-sanlock-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-nss-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-nss-debuginfo-0:5.6.0-6.module+el8.1.0+4244+9aa4e6bb
  • libvirt-python-debugsource-0:5.6.0-2.module+el8.1.0+4286+bc7b622c
  • lua-guestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • lua-guestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • nbdkit-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-bash-completion-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-basic-filters-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-basic-filters-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-basic-plugins-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-basic-plugins-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-curl-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-curl-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-debugsource-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-devel-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-example-plugins-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-example-plugins-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-gzip-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-gzip-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-linuxdisk-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-linuxdisk-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-python-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-python-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-server-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-server-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-ssh-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-ssh-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-vddk-plugin-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-vddk-plugin-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-xz-filter-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • nbdkit-xz-filter-debuginfo-0:1.12.5-1.module+el8.1.0+3868+35f94834
  • netcf-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • netcf-debuginfo-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • netcf-debugsource-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • netcf-devel-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • netcf-libs-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • netcf-libs-debuginfo-0:0.2.8-12.module+el8.1.0+3921+a49f7d7b
  • ocaml-hivex-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • ocaml-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • ocaml-hivex-devel-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • ocaml-libguestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • ocaml-libguestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • ocaml-libguestfs-devel-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • perl-Sys-Guestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • perl-Sys-Guestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • perl-Sys-Virt-0:5.6.0-2.module+el8.1.0+4140+e3893fe6
  • perl-Sys-Virt-debuginfo-0:5.6.0-2.module+el8.1.0+4140+e3893fe6
  • perl-Sys-Virt-debugsource-0:5.6.0-2.module+el8.1.0+4140+e3893fe6
  • perl-hivex-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • perl-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • python3-hivex-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • python3-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • python3-libguestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • python3-libguestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • python3-libvirt-0:5.6.0-2.module+el8.1.0+4286+bc7b622c
  • python3-libvirt-debuginfo-0:5.6.0-2.module+el8.1.0+4286+bc7b622c
  • qemu-guest-agent-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-guest-agent-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-img-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-img-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-curl-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-curl-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-gluster-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-gluster-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-iscsi-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-iscsi-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-rbd-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-rbd-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-ssh-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-block-ssh-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-common-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-common-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-core-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-core-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-debugsource-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-tests-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • qemu-kvm-tests-debuginfo-15:4.1.0-13.module+el8.1.0+4313+ef76ec61
  • ruby-hivex-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • ruby-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+3554+1a3a94a6
  • ruby-libguestfs-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • ruby-libguestfs-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • seabios-0:1.12.0-5.module+el8.1.0+4022+29a53beb
  • seabios-bin-0:1.12.0-5.module+el8.1.0+4022+29a53beb
  • seavgabios-bin-0:1.12.0-5.module+el8.1.0+4022+29a53beb
  • sgabios-1:0.20170427git-3.module+el8.1.0+3554+1a3a94a6
  • sgabios-bin-1:0.20170427git-3.module+el8.1.0+3554+1a3a94a6
  • supermin-0:5.1.19-10.module+el8.1.0+4076+b5e41ebc
  • supermin-debuginfo-0:5.1.19-10.module+el8.1.0+4076+b5e41ebc
  • supermin-debugsource-0:5.1.19-10.module+el8.1.0+4076+b5e41ebc
  • supermin-devel-0:5.1.19-10.module+el8.1.0+4076+b5e41ebc
  • swtpm-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-debuginfo-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-debugsource-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-devel-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-libs-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-libs-debuginfo-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-tools-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • swtpm-tools-debuginfo-0:0.1.0-1.20190425gitca85606.module+el8.1.0+3966+4a23dca1.1
  • virglrenderer-0:0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848
  • virglrenderer-devel-0:0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848
  • virglrenderer-test-server-0:0.6.0-5.20180814git491d3b705.module+el8.1.0+3523+b348b848
  • virt-dib-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • virt-dib-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • virt-p2v-maker-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • virt-v2v-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • virt-v2v-debuginfo-1:1.40.2-14.module+el8.1.0+4230+0b6e3259
  • qemu-img-10:1.5.3-167.el7_7.1
  • qemu-kvm-10:1.5.3-167.el7_7.1
  • qemu-kvm-common-10:1.5.3-167.el7_7.1
  • qemu-kvm-debuginfo-10:1.5.3-167.el7_7.1
  • qemu-kvm-tools-10:1.5.3-167.el7_7.1
  • qemu-guest-agent-2:0.12.1.2-2.506.el6_10.5
  • qemu-img-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-debuginfo-2:0.12.1.2-2.506.el6_10.5
  • qemu-kvm-tools-2:0.12.1.2-2.506.el6_10.5
  • qemu-img-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-common-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7_7.4
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7_7.4
  • SLOF-0:20171214-6.gitfa98132.module+el8.1.0+4066+0f1aadab
  • hivex-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • hivex-debuginfo-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • hivex-debugsource-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • hivex-devel-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • libguestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-bash-completion-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-benchmarking-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-benchmarking-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-debugsource-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-devel-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-gfs2-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-gobject-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-gobject-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-gobject-devel-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-inspect-icons-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-java-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-java-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-java-devel-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-javadoc-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-man-pages-ja-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-man-pages-uk-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-rescue-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-rsync-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-tools-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-tools-c-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-tools-c-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libguestfs-winsupport-0:8.0-4.module+el8.1.0+4066+0f1aadab
  • libguestfs-xfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • libiscsi-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libiscsi-debuginfo-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libiscsi-debugsource-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libiscsi-devel-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libiscsi-utils-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libiscsi-utils-debuginfo-0:1.18.0-8.module+el8.1.0+4066+0f1aadab
  • libvirt-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-admin-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-admin-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-bash-completion-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-client-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-client-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-config-network-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-config-nwfilter-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-interface-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-interface-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-network-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-network-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-nodedev-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-nodedev-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-nwfilter-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-nwfilter-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-qemu-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-qemu-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-secret-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-secret-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-core-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-core-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-disk-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-disk-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-gluster-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-gluster-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-iscsi-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-iscsi-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-logical-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-logical-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-mpath-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-mpath-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-rbd-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-rbd-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-scsi-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-driver-storage-scsi-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-daemon-kvm-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-dbus-0:1.2.0-3.module+el8.1.0+4066+0f1aadab
  • libvirt-dbus-debuginfo-0:1.2.0-3.module+el8.1.0+4066+0f1aadab
  • libvirt-dbus-debugsource-0:1.2.0-3.module+el8.1.0+4066+0f1aadab
  • libvirt-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-debugsource-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-devel-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-docs-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-libs-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-libs-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-lock-sanlock-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-lock-sanlock-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-nss-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-nss-debuginfo-0:4.5.0-35.module+el8.1.0+4227+b2722cb3
  • libvirt-python-debugsource-0:4.5.0-2.module+el8.1.0+4066+0f1aadab
  • lua-guestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • lua-guestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • nbdkit-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-bash-completion-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-basic-plugins-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-basic-plugins-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-debugsource-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-devel-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-example-plugins-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-example-plugins-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-gzip-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-gzip-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-python-common-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-python3-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-python3-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-vddk-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-vddk-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-xz-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • nbdkit-plugin-xz-debuginfo-0:1.4.2-5.module+el8.1.0+4066+0f1aadab
  • netcf-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • netcf-debuginfo-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • netcf-debugsource-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • netcf-devel-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • netcf-libs-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • netcf-libs-debuginfo-0:0.2.8-12.module+el8.1.0+4066+0f1aadab
  • ocaml-hivex-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • ocaml-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • ocaml-hivex-devel-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • ocaml-libguestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • ocaml-libguestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • ocaml-libguestfs-devel-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • perl-Sys-Guestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • perl-Sys-Guestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • perl-Sys-Virt-0:4.5.0-5.module+el8.1.0+4066+0f1aadab
  • perl-Sys-Virt-debuginfo-0:4.5.0-5.module+el8.1.0+4066+0f1aadab
  • perl-Sys-Virt-debugsource-0:4.5.0-5.module+el8.1.0+4066+0f1aadab
  • perl-hivex-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • perl-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • python3-hivex-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • python3-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • python3-libguestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • python3-libguestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • python3-libvirt-0:4.5.0-2.module+el8.1.0+4066+0f1aadab
  • python3-libvirt-debuginfo-0:4.5.0-2.module+el8.1.0+4066+0f1aadab
  • qemu-guest-agent-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-guest-agent-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-img-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-img-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-curl-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-curl-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-gluster-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-gluster-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-iscsi-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-iscsi-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-rbd-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-rbd-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-ssh-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-block-ssh-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-common-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-common-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-core-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-core-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-debugsource-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-tests-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • qemu-kvm-tests-debuginfo-15:2.12.0-88.module+el8.1.0+4233+bc44be3f
  • ruby-hivex-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • ruby-hivex-debuginfo-0:1.3.15-7.module+el8.1.0+4066+0f1aadab
  • ruby-libguestfs-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • ruby-libguestfs-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • seabios-0:1.11.1-4.module+el8.1.0+4066+0f1aadab
  • seabios-bin-0:1.11.1-4.module+el8.1.0+4066+0f1aadab
  • seavgabios-bin-0:1.11.1-4.module+el8.1.0+4066+0f1aadab
  • sgabios-1:0.20170427git-3.module+el8.1.0+4066+0f1aadab
  • sgabios-bin-1:0.20170427git-3.module+el8.1.0+4066+0f1aadab
  • supermin-0:5.1.19-9.module+el8.1.0+4066+0f1aadab
  • supermin-debuginfo-0:5.1.19-9.module+el8.1.0+4066+0f1aadab
  • supermin-debugsource-0:5.1.19-9.module+el8.1.0+4066+0f1aadab
  • supermin-devel-0:5.1.19-9.module+el8.1.0+4066+0f1aadab
  • virt-dib-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • virt-dib-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • virt-p2v-maker-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • virt-v2v-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • virt-v2v-debuginfo-1:1.38.4-14.module+el8.1.0+4066+0f1aadab
  • qemu-img-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-common-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7_7.4
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7_7.4
  • qemu-img-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-common-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7_7.4
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7_7.4
  • qemu-img-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-common-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-10:2.12.0-33.el7_7.4
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7_7.4
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7_7.4
  • qemu-img-rhev-10:2.12.0-44.el7
  • qemu-kvm-common-rhev-10:2.12.0-44.el7
  • qemu-kvm-rhev-10:2.12.0-44.el7
  • qemu-kvm-rhev-debuginfo-10:2.12.0-44.el7
  • qemu-kvm-tools-rhev-10:2.12.0-44.el7