Vulnerabilities > CVE-2019-13164

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
qemu
debian
opensuse
canonical
nessus

Summary

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4512.NASL
    descriptionMultiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.
    last seen2020-06-01
    modified2020-06-02
    plugin id128430
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128430
    titleDebian DSA-4512-1 : qemu - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4512. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128430);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:32");
    
      script_cve_id("CVE-2019-13164", "CVE-2019-14378");
      script_xref(name:"DSA", value:"4512");
    
      script_name(english:"Debian DSA-4512-1 : qemu - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in QEMU, a fast processor
    emulator, which could result in denial of service, the execution of
    arbitrary code or bypass of ACLs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4512"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qemu packages.
    
    For the stable distribution (buster), these problems have been fixed
    in version 1:3.1+dfsg-8+deb10u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"10.0", prefix:"qemu", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-block-extra", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-guest-agent", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-kvm", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-arm", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-common", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-data", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-gui", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-mips", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-misc", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-ppc", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-sparc", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-system-x86", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-user", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-user-binfmt", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-user-static", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    if (deb_check(release:"10.0", prefix:"qemu-utils", reference:"1:3.1+dfsg-8+deb10u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2192-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) Add SnowRidge-Server vcpu model (jsc#SLE-4883) Add in documentation about md-clear feature (bsc#1138534) Fix SEV issue where older machine type is not processed correctly (bsc#1144087) Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) Ignore csske for expanding the cpu model (bsc#1136540) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128074
    published2019-08-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128074
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2192-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128074);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378", "CVE-2019-5008");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-14378: Security fix for heap overflow in ip_reass on big
    packet input (bsc#1143794).
    
    CVE-2019-12155: Security fix for NULL pointer dereference while
    releasing spice resources (bsc#1135902).
    
    CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be
    bypassed when names are too long (bsc#1140402).
    
    CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual
    machine possible through guest device driver (bsc#1133031).
    
    Bug fixes and enhancements: Upstream tweaked SnowRidge-Server vcpu
    model to now be simply Snowridge (jsc#SLE-4883)
    
    Add SnowRidge-Server vcpu model (jsc#SLE-4883)
    
    Add in documentation about md-clear feature (bsc#1138534)
    
    Fix SEV issue where older machine type is not processed correctly
    (bsc#1144087)
    
    Fix case of a bad pointer in Xen PV usb support code (bsc#1128106)
    
    Further refine arch-capabilities handling to help with security and
    performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764)
    
    Add support for one more security/performance related vcpu feature
    (bsc#1136778) (fate#327796)
    
    Ignore csske for expanding the cpu model (bsc#1136540)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13164/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5008/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192192-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e13d510"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in
    -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2192=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2192=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2019-2192=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-arm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ppc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-curl-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-iscsi-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-rbd-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-ssh-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-guest-agent-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-lang-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-kvm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-testsuite-3.1.1-9.3.4")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"qemu-s390-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-alsa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-oss-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-audio-pa-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-curses-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-ui-gtk-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"qemu-x86-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-block-dmg-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-extra-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debuginfo-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-linux-user-debugsource-3.1.1-9.3.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-testsuite-3.1.1-9.3.4")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-ppc-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-arm-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debuginfo-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-debugsource-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-3.1.1-9.3.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"qemu-tools-debuginfo-3.1.1-9.3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2246-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). Ignore csske for expanding the cpu model (bsc#1136540) Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128318
    published2019-08-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128318
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2246-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128318);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2019-12155", "CVE-2019-13164", "CVE-2019-14378");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-14378: Security fix for heap overflow in ip_reass on big
    packet input (bsc#1143794).
    
    CVE-2019-12155: Security fix for NULL pointer dereference while
    releasing spice resources (bsc#1135902).
    
    CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be
    bypassed when names are too long (bsc#1140402).
    
    Bug fixes and enhancements: Add vcpu features needed for
    Cascadelake-Server, Icelake-Client and Icelake-Server, especially the
    foundational arch-capabilities to help with security and performance
    on Intel hosts (bsc#1134883) (fate#327764)
    
    Add support for one more security/performance related vcpu feature
    (bsc#1136778) (fate#327796)
    
    Disable file locking in the Xen PV disk backend to avoid locking
    issues with PV domUs during migration. The issues triggered by the
    locking can not be properly handled in libxl. The locking introduced
    in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403,
    bsc#1111025).
    
    Ignore csske for expanding the cpu model (bsc#1136540)
    
    Fix vm migration is failing with input/output error when nfs server is
    disconnected (bsc#1119115)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13164/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14378/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192246-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?901c6416"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
    patch SUSE-SLE-Module-Server-Applications-15-2019-2246=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-2246=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-2246=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-dmg-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-linux-user-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"qemu-x86-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-curl-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-iscsi-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-rbd-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-ssh-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-guest-agent-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-lang-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-kvm-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-block-dmg-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-extra-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debuginfo-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-linux-user-debugsource-2.11.2-9.28.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debuginfo-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-debugsource-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-2.11.2-9.28.3")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"qemu-tools-debuginfo-2.11.2-9.28.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4506.NASL
    descriptionMultiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs. In addition this update fixes a regression which could cause NBD connections to hang.
    last seen2020-06-01
    modified2020-06-02
    plugin id128180
    published2019-08-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128180
    titleDebian DSA-4506-1 : qemu - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4506. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128180);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:32");
    
      script_cve_id("CVE-2018-20815", "CVE-2019-13164", "CVE-2019-14378");
      script_xref(name:"DSA", value:"4506");
    
      script_name(english:"Debian DSA-4506-1 : qemu - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in QEMU, a fast processor
    emulator, which could result in denial of service, the execution of
    arbitrary code or bypass of ACLs.
    
    In addition this update fixes a regression which could cause NBD
    connections to hang."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/qemu"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4506"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qemu packages.
    
    For the oldstable distribution (stretch), these problems have been
    fixed in version 1:2.8+dfsg-6+deb9u8."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"qemu", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-block-extra", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-guest-agent", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-kvm", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-arm", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-common", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-mips", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-misc", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-ppc", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-sparc", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-system-x86", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user-binfmt", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-user-static", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    if (deb_check(release:"9.0", prefix:"qemu-utils", reference:"1:2.8+dfsg-6+deb9u8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2221-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128301
    published2019-08-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128301
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2019:2221-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2041.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements : - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) - Add SnowRidge-Server vcpu model (jsc#SLE-4883) - Add in documentation about md-clear feature (bsc#1138534) - Fix SEV issue where older machine type is not processed correctly (bsc#1144087) - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Ignore csske for expanding the cpu model (bsc#1136540) This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128457
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128457
    titleopenSUSE Security Update : qemu (openSUSE-2019-2041)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-66.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-66 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-04-04
    modified2020-03-31
    plugin id135021
    published2020-03-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135021
    titleGLSA-202003-66 : QEMU: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2059.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements : - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134883) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136540) - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128465
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128465
    titleopenSUSE Security Update : qemu (openSUSE-2019-2059)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2353-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764). Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795). Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). Ignore csske for expanding the cpu model (bsc#1136528). Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128753
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128753
    titleSUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2353-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4191-1.NASL
    descriptionIt was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Worner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a NULL pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131017
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131017
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : qemu vulnerabilities (USN-4191-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1927.NASL
    descriptionSeveral vulnerabilities were found in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). CVE-2016-5126 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVE-2017-9375 QEMU, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. CVE-2019-12068 QEMU scsi disk backend: lsi: exit infinite loop while executing script CVE-2019-12155 interface_release_resource in hw/display/qxl.c in QEMU has a NULL pointer dereference. CVE-2019-13164 qemu-bridge-helper.c in QEMU does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. CVE-2019-14378 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-15890 libslirp 4.0.0, as used in QEMU, has a use-after-free in ip_reass in ip_input.c. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id129105
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129105
    titleDebian DLA-1927-1 : qemu security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2157-1.NASL
    descriptionThis update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources (bsc#1135902). CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128609
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128609
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2019:2157-1)