Vulnerabilities > CVE-2020-8608 - Classic Buffer Overflow vulnerability in multiple products

047910
CVSS 5.6 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
high complexity
libslirp-project
debian
opensuse
CWE-120
nessus

Summary

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-1208.NASL
    descriptionFrom Red Hat Security Advisory 2020:1208 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1208 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-14
    plugin id135428
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135428
    titleOracle Linux 7 : qemu-kvm (ELSA-2020-1208)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1208 and 
    # Oracle Linux Security Advisory ELSA-2020-1208 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135428);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2020-8608");
      script_xref(name:"RHSA", value:"2020:1208");
    
      script_name(english:"Oracle Linux 7 : qemu-kvm (ELSA-2020-1208)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2020:1208 :
    
    The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1208 advisory.
    
      - QEMU: Slirp: potential OOB access due to unsafe
        snprintf() usages (CVE-2020-8608)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-April/009800.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected qemu-kvm packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-img");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-img-1.5.3-173.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-1.5.3-173.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-common-1.5.3-173.el7_8.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-tools-1.5.3-173.el7_8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-tools");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0845-1.NASL
    descriptionThis update for qemu fixes the following issues : CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066). CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379). CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240). CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156). CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018). CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776). Fixed live migration errors (bsc#1154790, bsc#1156794, bsc#1156642). Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729). Fixed an issue where booting up a guest system with mdev passthrough device as installation device was failing (bsc#1158880). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135169
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135169
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2020:0845-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0845-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135169);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/21");
    
      script_cve_id("CVE-2019-15034", "CVE-2019-20382", "CVE-2019-6778", "CVE-2020-1711", "CVE-2020-7039", "CVE-2020-8608");
    
      script_name(english:"SUSE SLES12 Security Update : qemu (SUSE-SU-2020:0845-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for qemu fixes the following issues :
    
    CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while
    emulating IRC and other protocols (bsc#1161066).
    
    CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c
    due to improper PCI config space allocation (bsc#1166379).
    
    CVE-2020-1711: Fixed an out of bounds heap buffer access
    iscsi_co_block_status() routine which could have allowed a remote
    denial of service or arbitrary code with privileges of the QEMU
    process on the host (bsc#1166240).
    
    CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while
    emulating the identification protocol and copying message data to a
    socket buffer (bsc#1123156).
    
    CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while
    emulating IRC and other protocols (bsc#1163018).
    
    CVE-2019-20382: Fixed a memory leak in the VNC display driver which
    could have led to exhaustion of the host memory leading to a potential
    Denial of service (bsc#1165776).
    
    Fixed live migration errors (bsc#1154790, bsc#1156794, bsc#1156642).
    
    Fixed an issue where migrating VMs on KVM gets missing features:ospke
    error (bsc#1162729).
    
    Fixed an issue where booting up a guest system with mdev passthrough
    device as installation device was failing (bsc#1158880).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1161066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1162161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1162729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1163018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1165776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1166240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1166379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15034/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-20382/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6778/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-1711/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-7039/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-8608/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200845-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0287d340"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2020-845=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-alsa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-oss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-pa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-sdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-audio-sdl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-gtk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-sdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-ui-sdl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"5", cpu:"x86_64", reference:"qemu-block-rbd-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", cpu:"x86_64", reference:"qemu-block-rbd-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", cpu:"x86_64", reference:"qemu-x86-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", cpu:"s390x", reference:"qemu-s390-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", cpu:"s390x", reference:"qemu-s390-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-alsa-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-alsa-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-oss-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-oss-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-pa-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-pa-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-sdl-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-audio-sdl-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-curl-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-curl-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-iscsi-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-iscsi-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-ssh-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-block-ssh-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-debugsource-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-guest-agent-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-guest-agent-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-lang-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-tools-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-tools-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-curses-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-curses-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-gtk-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-gtk-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-sdl-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-ui-sdl-debuginfo-3.1.1.1-3.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"qemu-kvm-3.1.1.1-3.9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2144.NASL
    descriptionTwo out-of-bounds heap buffer accesses were found in QEMU, a fast processor emulator, which could result in denial of service or abitrary code execution. For Debian 8
    last seen2020-03-20
    modified2020-03-18
    plugin id134631
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134631
    titleDebian DLA-2144-1 : qemu security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2144-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134631);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/21");
    
      script_cve_id("CVE-2020-1711", "CVE-2020-8608");
    
      script_name(english:"Debian DLA-2144-1 : qemu security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Two out-of-bounds heap buffer accesses were found in QEMU, a fast
    processor emulator, which could result in denial of service or
    abitrary code execution.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    1:2.1+dfsg-12+deb8u14.
    
    We recommend that you upgrade your qemu packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/qemu"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-mips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-misc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-sparc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-binfmt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"qemu", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-guest-agent", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-kvm", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-arm", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-common", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-mips", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-misc", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-ppc", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-sparc", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-system-x86", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-user", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-user-binfmt", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-user-static", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    if (deb_check(release:"8.0", prefix:"qemu-utils", reference:"1:2.1+dfsg-12+deb8u14")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1403.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1403 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-12
    modified2020-06-09
    plugin id137244
    published2020-06-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137244
    titleRHEL 6 : qemu-kvm (RHSA-2020:1403)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1403. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137244);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/20");
    
      script_cve_id("CVE-2020-8608");
      script_xref(name:"RHSA", value:"2020:1403");
    
      script_name(english:"RHEL 6 : qemu-kvm (RHSA-2020:1403)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1403 advisory.
    
      - QEMU: Slirp: potential OOB access due to unsafe
        snprintf() usages (CVE-2020-8608)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1403");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8608");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1798453");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'qemu-guest-agent-0.12.1.2-2.506.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'2'},
        {'reference':'qemu-guest-agent-0.12.1.2-2.506.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'2'},
        {'reference':'qemu-img-0.12.1.2-2.506.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'2'},
        {'reference':'qemu-kvm-0.12.1.2-2.506.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'2'},
        {'reference':'qemu-kvm-tools-0.12.1.2-2.506.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'2'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-guest-agent / qemu-img / qemu-kvm / etc');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1292.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1292 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-02
    plugin id135175
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135175
    titleRHEL 7 : qemu-kvm-rhev (RHSA-2020:1292)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1292. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135175);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/20");
    
      script_cve_id("CVE-2020-8608");
      script_xref(name:"RHSA", value:"2020:1292");
    
      script_name(english:"RHEL 7 : qemu-kvm-rhev (RHSA-2020:1292)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1292 advisory.
    
      - QEMU: Slirp: potential OOB access due to unsafe
        snprintf() usages (CVE-2020-8608)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/122.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1292");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8608");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(122);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhev_manager:4.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::hypervisor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'qemu-img-rhev-2.12.0-44.el7_8.1', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-common-rhev-2.12.0-44.el7_8.1', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-rhev-2.12.0-44.el7_8.1', 'cpu':'x86_64', 'release':'7', 'epoch':'10'},
        {'reference':'qemu-kvm-tools-rhev-2.12.0-44.el7_8.1', 'cpu':'x86_64', 'release':'7', 'epoch':'10'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu-img-rhev / qemu-kvm-common-rhev / qemu-kvm-rhev / etc');
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1430.NASL
    descriptionAccording to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.(CVE-2020-8608) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2019-11135) - tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.(CVE-2020-7039) - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.(CVE-2019-14378) - Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.(CVE-2015-5239) - Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.(CVE-2015-5745) - The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.(CVE-2015-5278) - The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.(CVE-2015-6815) - Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.(CVE-2015-5279) - Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.(CVE-2016-7161) - hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.(CVE-2013-4544) - The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.(CVE-2015-4037) - hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.(CVE-2015-6855) - hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.(CVE-2015-7295) - The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.(CVE-2015-7549) - The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.(CVE-2015-8345) - Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.(CVE-2015-8504) - The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.(CVE-2015-8558) - Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).(CVE-2015-8567) - Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.(CVE-2015-8568) - Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.(CVE-2015-8613) - Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.(CVE-2016-1568) - QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.(CVE-2016-2198) - The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.(CVE-2016-2391) - The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.(CVE-2016-2392) - Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.(CVE-2016-2538) - The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.(CVE-2016-2841) - QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.(CVE-2016-2858) - Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.(CVE-2016-4001) - Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.(CVE-2016-4002) - The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.(CVE-2016-4037) - The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.(CVE-2016-4453) - The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.(CVE-2016-4454) - The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.(CVE-2016-6834) - The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.(CVE-2016-6835) - The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.(CVE-2016-6836) - Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.(CVE-2016-6888) - Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.(CVE-2016-7116) - The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.(CVE-2016-7421) - The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.(CVE-2016-7908) - The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.(CVE-2016-7909) - The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.(CVE-2016-8576) - The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.(CVE-2016-8669) - The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.(CVE-2016-8909) - The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.(CVE-2016-8910) - Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.(CVE-2016-9102) - The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.(CVE-2016-9103) - Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.(CVE-2016-9104) - Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.(CVE-2016-9105) - Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.(CVE-2016-9106) - Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a
    last seen2020-05-06
    modified2020-04-15
    plugin id135559
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135559
    titleEulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1351.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1351 advisory. - QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135245
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135245
    titleRHEL 7 : qemu-kvm (RHSA-2020:1351)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-66.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-66 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-04-04
    modified2020-03-31
    plugin id135021
    published2020-03-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135021
    titleGLSA-202003-66 : QEMU: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1379.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1379 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-07
    plugin id135251
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135251
    titleRHEL 8 : container-tools:rhel8 (RHSA-2020:1379)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-468.NASL
    descriptionThis update for qemu fixes the following issues : - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066). - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379). - CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156). - CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018). - CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776). - Fixed a live migration error (bsc#1154790). - Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-04-12
    modified2020-04-07
    plugin id135265
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135265
    titleopenSUSE Security Update : qemu (openSUSE-2020-468)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1208.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1208 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135065
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135065
    titleRHEL 7 : qemu-kvm (RHSA-2020:1208)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-1379.NASL
    descriptionFrom Red Hat Security Advisory 2020:1379 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1379 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-16
    plugin id135665
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135665
    titleOracle Linux 8 : container-tools:ol8 (ELSA-2020-1379)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1209.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1209 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135050
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135050
    titleRHEL 7 : qemu-kvm-ma (RHSA-2020:1209)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1300.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1300 advisory. - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711) - QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-02
    plugin id135173
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135173
    titleRHEL 7 : qemu-kvm-rhev (RHSA-2020:1300)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1403.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1403 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-04-28
    plugin id136015
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136015
    titleCentOS 6 : qemu-kvm (CESA-2020:1403)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2142.NASL
    descriptionIt was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). For Debian 8
    last seen2020-03-19
    modified2020-03-16
    plugin id134576
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134576
    titleDebian DLA-2142-1 : slirp security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1352.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1352 advisory. - QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711) - QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039) - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135249
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135249
    titleRHEL 7 : qemu-kvm-ma (RHSA-2020:1352)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1298.NASL
    descriptionAccording to the versions of the qemu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.(CVE-2020-7039) - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.(CVE-2020-8608) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-03-23
    plugin id134790
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134790
    titleEulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1298)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-1403.NASL
    descriptionFrom Red Hat Security Advisory 2020:1403 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1403 advisory. - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-11
    modified2020-04-10
    plugin id135379
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135379
    titleOracle Linux 6 : qemu-kvm (ELSA-2020-1403)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0844-1.NASL
    descriptionThis update for qemu fixes the following issues : CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066). CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379). CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240). CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156). CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018). CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776). Fixed a live migration error (bsc#1154790). Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135168
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135168
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:0844-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200408_QEMU_KVM_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - QEMU: Slirp: potential OOB access due to unsafe snprintf() usages Bug Fix(es) : - QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]
    last seen2020-04-16
    modified2020-04-10
    plugin id135382
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135382
    titleScientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20200408)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4283-1.NASL
    descriptionFelipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711) It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-19
    plugin id133796
    published2020-02-19
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133796
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : qemu vulnerabilities (USN-4283-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_QEMU_KVM_ON_SL7_X.NASL
    description* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
    last seen2020-04-30
    modified2020-04-21
    plugin id135833
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135833
    titleScientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20200407)

Redhat

advisories
  • bugzilla
    id1798453
    titleCVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentqemu-kvm-tools is earlier than 10:1.5.3-173.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201208001
          • commentqemu-kvm-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345002
        • AND
          • commentqemu-kvm-common is earlier than 10:1.5.3-173.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201208003
          • commentqemu-kvm-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140704004
        • AND
          • commentqemu-kvm is earlier than 10:1.5.3-173.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201208005
          • commentqemu-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345004
        • AND
          • commentqemu-img is earlier than 10:1.5.3-173.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201208007
          • commentqemu-img is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345006
    rhsa
    idRHSA-2020:1208
    released2020-03-31
    severityImportant
    titleRHSA-2020:1208: qemu-kvm security update (Important)
  • bugzilla
    id1798453
    titleCVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentqemu-kvm-tools-ma is earlier than 10:2.12.0-44.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201209001
          • commentqemu-kvm-tools-ma is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20182762002
        • AND
          • commentqemu-kvm-ma is earlier than 10:2.12.0-44.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201209003
          • commentqemu-kvm-ma is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20182762006
        • AND
          • commentqemu-kvm-common-ma is earlier than 10:2.12.0-44.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201209005
          • commentqemu-kvm-common-ma is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20182762004
        • AND
          • commentqemu-img-ma is earlier than 10:2.12.0-44.el7_8.1
            ovaloval:com.redhat.rhsa:tst:20201209007
          • commentqemu-img-ma is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20182762008
    rhsa
    idRHSA-2020:1209
    released2020-03-31
    severityImportant
    titleRHSA-2020:1209: qemu-kvm-ma security update (Important)
  • bugzilla
    id1806119
    titlebuildah COPY command is slow when .dockerignore file is not present [stream-container-tools-rhel8-rhel-8.1.1/buildah]
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule container-tools:rhel8 is enabled
        ovaloval:com.redhat.rhsa:tst:20190975043
      • OR
        • AND
          • commentskopeo-debugsource is earlier than 1:0.1.40-8.module+el8.1.1+5351+506397b0
            ovaloval:com.redhat.rhsa:tst:20200348009
          • commentskopeo-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975006
        • AND
          • commentskopeo is earlier than 1:0.1.40-8.module+el8.1.1+5351+506397b0
            ovaloval:com.redhat.rhsa:tst:20200348011
          • commentskopeo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975008
        • AND
          • commentrunc-debugsource is earlier than 0:1.0.0-64.rc9.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348013
          • commentrunc-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975010
        • AND
          • commentrunc is earlier than 0:1.0.0-64.rc9.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348015
          • commentrunc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975012
        • AND
          • commentpodman-tests is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379009
          • commentpodman-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403018
        • AND
          • commentpodman-remote is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379011
          • commentpodman-remote is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403020
        • AND
          • commentpodman-debugsource is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379013
          • commentpodman-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975014
        • AND
          • commentpodman is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379015
          • commentpodman is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975016
        • AND
          • commentfuse-overlayfs-debugsource is earlier than 0:0.7.2-5.module+el8.1.1+6114+953c5a57
            ovaloval:com.redhat.rhsa:tst:20201379017
          • commentfuse-overlayfs-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975026
        • AND
          • commentfuse-overlayfs is earlier than 0:0.7.2-5.module+el8.1.1+6114+953c5a57
            ovaloval:com.redhat.rhsa:tst:20201379019
          • commentfuse-overlayfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975028
        • AND
          • commentcontainers-common is earlier than 1:0.1.40-8.module+el8.1.1+5351+506397b0
            ovaloval:com.redhat.rhsa:tst:20200348029
          • commentcontainers-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975030
        • AND
          • commentcontainernetworking-plugins-debugsource is earlier than 0:0.8.3-4.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348031
          • commentcontainernetworking-plugins-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975032
        • AND
          • commentcontainernetworking-plugins is earlier than 0:0.8.3-4.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348033
          • commentcontainernetworking-plugins is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975034
        • AND
          • commentconmon is earlier than 2:2.0.6-1.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348035
          • commentconmon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200348036
        • AND
          • commentbuildah-tests is earlier than 0:1.11.6-6.module+el8.1.1+5865+cc793d95
            ovaloval:com.redhat.rhsa:tst:20201379029
          • commentbuildah-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403044
        • AND
          • commentbuildah-debugsource is earlier than 0:1.11.6-6.module+el8.1.1+5865+cc793d95
            ovaloval:com.redhat.rhsa:tst:20201379031
          • commentbuildah-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975036
        • AND
          • commentbuildah is earlier than 0:1.11.6-6.module+el8.1.1+5865+cc793d95
            ovaloval:com.redhat.rhsa:tst:20201379033
          • commentbuildah is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975038
        • AND
          • commenttoolbox is earlier than 0:0.0.4-1.module+el8.1.1+4407+ac444e5d
            ovaloval:com.redhat.rhsa:tst:20200348001
          • commenttoolbox is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403002
        • AND
          • commentslirp4netns-debugsource is earlier than 0:0.4.2-3.git21fdece.module+el8.1.1+5657+524a77d7
            ovaloval:com.redhat.rhsa:tst:20201379037
          • commentslirp4netns-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975002
        • AND
          • commentslirp4netns is earlier than 0:0.4.2-3.git21fdece.module+el8.1.1+5657+524a77d7
            ovaloval:com.redhat.rhsa:tst:20201379039
          • commentslirp4netns is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975004
        • AND
          • commentskopeo-tests is earlier than 1:0.1.40-8.module+el8.1.1+5351+506397b0
            ovaloval:com.redhat.rhsa:tst:20200348007
          • commentskopeo-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403008
        • AND
          • commentudica is earlier than 0:0.2.1-2.module+el8.1.1+4975+482d6f5d
            ovaloval:com.redhat.rhsa:tst:20200348043
          • commentudica is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20200348044
        • AND
          • commentpython-podman-api is earlier than 0:1.2.0-0.2.gitd0a45fe.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348045
          • commentpython-podman-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403050
        • AND
          • commentpodman-manpages is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379047
          • commentpodman-manpages is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403052
        • AND
          • commentpodman-docker is earlier than 0:1.6.4-4.module+el8.1.1+5885+44006e55
            ovaloval:com.redhat.rhsa:tst:20201379049
          • commentpodman-docker is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975040
        • AND
          • commentcontainer-selinux is earlier than 2:2.124.0-1.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348051
          • commentcontainer-selinux is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190975042
        • AND
          • commentcockpit-podman is earlier than 0:11-1.module+el8.1.1+5259+bcdd613a
            ovaloval:com.redhat.rhsa:tst:20200348053
          • commentcockpit-podman is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193403058
    rhsa
    idRHSA-2020:1379
    released2020-04-07
    severityImportant
    titleRHSA-2020:1379: container-tools:rhel8 security and bug fix update (Important)
  • bugzilla
    id1798453
    titleCVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentqemu-kvm-tools is earlier than 2:0.12.1.2-2.506.el6_10.7
            ovaloval:com.redhat.rhsa:tst:20201403001
          • commentqemu-kvm-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345002
        • AND
          • commentqemu-kvm is earlier than 2:0.12.1.2-2.506.el6_10.7
            ovaloval:com.redhat.rhsa:tst:20201403003
          • commentqemu-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345004
        • AND
          • commentqemu-img is earlier than 2:0.12.1.2-2.506.el6_10.7
            ovaloval:com.redhat.rhsa:tst:20201403005
          • commentqemu-img is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345006
        • AND
          • commentqemu-guest-agent is earlier than 2:0.12.1.2-2.506.el6_10.7
            ovaloval:com.redhat.rhsa:tst:20201403007
          • commentqemu-guest-agent is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20121234002
    rhsa
    idRHSA-2020:1403
    released2020-04-08
    severityImportant
    titleRHSA-2020:1403: qemu-kvm security and bug fix update (Important)
rpms
  • atomic-enterprise-service-catalog-1:4.3.3-202002170501.git.1.f30799e.el7
  • atomic-enterprise-service-catalog-svcat-1:4.3.3-202002170501.git.1.f30799e.el7
  • atomic-openshift-service-idler-0:4.3.3-202002170501.git.1.4feff9c.el7
  • cri-o-0:1.16.3-20.dev.rhaos4.3.git11c04e3.el7
  • cri-o-0:1.16.3-22.dev.rhaos4.3.git11c04e3.el8
  • cri-o-debuginfo-0:1.16.3-20.dev.rhaos4.3.git11c04e3.el7
  • cri-o-debuginfo-0:1.16.3-22.dev.rhaos4.3.git11c04e3.el8
  • cri-o-debugsource-0:1.16.3-22.dev.rhaos4.3.git11c04e3.el8
  • cri-tools-0:1.17.0-1.el8
  • dracut-0:049-64.git20200123.el8
  • dracut-caps-0:049-64.git20200123.el8
  • dracut-config-generic-0:049-64.git20200123.el8
  • dracut-config-rescue-0:049-64.git20200123.el8
  • dracut-debuginfo-0:049-64.git20200123.el8
  • dracut-debugsource-0:049-64.git20200123.el8
  • dracut-live-0:049-64.git20200123.el8
  • dracut-network-0:049-64.git20200123.el8
  • dracut-squash-0:049-64.git20200123.el8
  • dracut-tools-0:049-64.git20200123.el8
  • jenkins-0:2.204.1.1581950993-1.el7
  • jenkins-2-plugins-0:4.3.1581956184-1.el7
  • machine-config-daemon-0:4.3.3-202002170501.git.1.6b1b155.el8
  • openshift-ansible-0:4.3.3-202002142331.git.173.bb0b5a1.el7
  • openshift-ansible-test-0:4.3.3-202002142331.git.173.bb0b5a1.el7
  • openshift-clients-0:4.3.3-202002140552.git.1.ff73b47.el7
  • openshift-clients-0:4.3.3-202002140552.git.1.ff73b47.el8
  • openshift-clients-redistributable-0:4.3.3-202002140552.git.1.ff73b47.el7
  • openshift-clients-redistributable-0:4.3.3-202002140552.git.1.ff73b47.el8
  • openshift-hyperkube-0:4.3.3-202002140552.git.0.e38059c.el7
  • openshift-hyperkube-0:4.3.3-202002140552.git.0.e38059c.el8
  • openshift-kuryr-cni-0:4.3.3-202002170501.git.1.3b8b4cc.el8
  • openshift-kuryr-common-0:4.3.3-202002170501.git.1.3b8b4cc.el8
  • openshift-kuryr-controller-0:4.3.3-202002170501.git.1.3b8b4cc.el8
  • python3-kuryr-kubernetes-0:4.3.3-202002170501.git.1.3b8b4cc.el8
  • slirp4netns-0:0.4.2-4.git21fdece.el8
  • slirp4netns-debuginfo-0:0.4.2-4.git21fdece.el8
  • slirp4netns-debugsource-0:0.4.2-4.git21fdece.el8
  • toolbox-0:0.0.6-1.rhaos4.3.el8
  • slirp4netns-0:0.3.0-8.el7_7
  • slirp4netns-debuginfo-0:0.3.0-8.el7_7
  • qemu-img-10:1.5.3-173.el7_8.1
  • qemu-kvm-10:1.5.3-173.el7_8.1
  • qemu-kvm-common-10:1.5.3-173.el7_8.1
  • qemu-kvm-debuginfo-10:1.5.3-173.el7_8.1
  • qemu-kvm-tools-10:1.5.3-173.el7_8.1
  • qemu-img-ma-10:2.12.0-44.el7_8.1
  • qemu-kvm-common-ma-10:2.12.0-44.el7_8.1
  • qemu-kvm-ma-10:2.12.0-44.el7_8.1
  • qemu-kvm-ma-debuginfo-10:2.12.0-44.el7_8.1
  • qemu-kvm-tools-ma-10:2.12.0-44.el7_8.1
  • SLOF-0:20190703-1.gitba1ab360.module+el8.1.1+5309+6d656f05
  • hivex-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • hivex-debuginfo-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • hivex-debugsource-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • hivex-devel-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • libguestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-bash-completion-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-benchmarking-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-benchmarking-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-debugsource-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-devel-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-gfs2-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-gobject-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-gobject-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-gobject-devel-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-inspect-icons-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-java-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-java-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-java-devel-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-javadoc-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-man-pages-ja-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-man-pages-uk-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-rescue-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-rsync-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-tools-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-tools-c-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-tools-c-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libguestfs-winsupport-0:8.0-4.module+el8.1.1+5309+6d656f05
  • libguestfs-xfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • libiscsi-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libiscsi-debuginfo-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libiscsi-debugsource-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libiscsi-devel-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libiscsi-utils-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libiscsi-utils-debuginfo-0:1.18.0-8.module+el8.1.1+5309+6d656f05
  • libnbd-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • libnbd-debuginfo-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • libnbd-debugsource-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • libnbd-devel-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • libtpms-0:0.7.0-1.20191018gitdc116933b7.module+el8.1.1+5309+6d656f05
  • libtpms-debuginfo-0:0.7.0-1.20191018gitdc116933b7.module+el8.1.1+5309+6d656f05
  • libtpms-debugsource-0:0.7.0-1.20191018gitdc116933b7.module+el8.1.1+5309+6d656f05
  • libtpms-devel-0:0.7.0-1.20191018gitdc116933b7.module+el8.1.1+5309+6d656f05
  • libvirt-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-admin-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-admin-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-bash-completion-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-client-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-client-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-config-network-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-config-nwfilter-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-interface-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-interface-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-network-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-network-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-nodedev-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-nodedev-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-nwfilter-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-nwfilter-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-qemu-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-qemu-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-secret-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-secret-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-core-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-core-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-disk-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-disk-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-gluster-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-gluster-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-iscsi-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-iscsi-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-iscsi-direct-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-iscsi-direct-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-logical-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-logical-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-mpath-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-mpath-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-rbd-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-rbd-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-scsi-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-driver-storage-scsi-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-daemon-kvm-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-dbus-0:1.3.0-2.module+el8.1.1+5309+6d656f05
  • libvirt-dbus-debuginfo-0:1.3.0-2.module+el8.1.1+5309+6d656f05
  • libvirt-dbus-debugsource-0:1.3.0-2.module+el8.1.1+5309+6d656f05
  • libvirt-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-debugsource-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-devel-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-docs-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-libs-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-libs-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-lock-sanlock-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-lock-sanlock-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-nss-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-nss-debuginfo-0:5.6.0-10.module+el8.1.1+5309+6d656f05
  • libvirt-python-debugsource-0:5.6.0-3.module+el8.1.1+5309+6d656f05
  • lua-guestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • lua-guestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • nbdkit-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-bash-completion-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-basic-filters-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-basic-filters-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-basic-plugins-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-basic-plugins-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-curl-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-curl-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-debugsource-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-devel-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-example-plugins-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-example-plugins-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-gzip-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-gzip-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-linuxdisk-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-linuxdisk-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-python-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-python-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-server-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-server-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-ssh-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-ssh-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-vddk-plugin-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-vddk-plugin-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-xz-filter-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • nbdkit-xz-filter-debuginfo-0:1.12.5-2.module+el8.1.1+5309+6d656f05
  • netcf-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • netcf-debuginfo-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • netcf-debugsource-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • netcf-devel-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • netcf-libs-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • netcf-libs-debuginfo-0:0.2.8-12.module+el8.1.1+5309+6d656f05
  • ocaml-hivex-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • ocaml-hivex-debuginfo-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • ocaml-hivex-devel-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • ocaml-libguestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • ocaml-libguestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • ocaml-libguestfs-devel-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • ocaml-libnbd-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • ocaml-libnbd-debuginfo-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • ocaml-libnbd-devel-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • perl-Sys-Guestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • perl-Sys-Guestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • perl-Sys-Virt-0:5.6.0-2.module+el8.1.1+5309+6d656f05
  • perl-Sys-Virt-debuginfo-0:5.6.0-2.module+el8.1.1+5309+6d656f05
  • perl-Sys-Virt-debugsource-0:5.6.0-2.module+el8.1.1+5309+6d656f05
  • perl-hivex-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • perl-hivex-debuginfo-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • python3-hivex-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • python3-hivex-debuginfo-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • python3-libguestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • python3-libguestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • python3-libnbd-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • python3-libnbd-debuginfo-0:1.0.3-1.module+el8.1.1+5659+15cacc69
  • python3-libvirt-0:5.6.0-3.module+el8.1.1+5309+6d656f05
  • python3-libvirt-debuginfo-0:5.6.0-3.module+el8.1.1+5309+6d656f05
  • python3-pyvmomi-0:6.7.1-7.module+el8.1.1+5668+2d43f0bb
  • qemu-guest-agent-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-guest-agent-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-img-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-img-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-curl-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-curl-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-gluster-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-gluster-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-iscsi-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-iscsi-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-rbd-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-rbd-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-ssh-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-block-ssh-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-common-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-common-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-core-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-core-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-debugsource-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-tests-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • qemu-kvm-tests-debuginfo-15:4.1.0-23.module+el8.1.1+5938+f5e53076.2
  • ruby-hivex-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • ruby-hivex-debuginfo-0:1.3.15-7.module+el8.1.1+5309+6d656f05
  • ruby-libguestfs-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • ruby-libguestfs-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • seabios-0:1.12.0-5.module+el8.1.1+5309+6d656f05
  • seabios-bin-0:1.12.0-5.module+el8.1.1+5309+6d656f05
  • seavgabios-bin-0:1.12.0-5.module+el8.1.1+5309+6d656f05
  • sgabios-1:0.20170427git-3.module+el8.1.1+5309+6d656f05
  • sgabios-bin-1:0.20170427git-3.module+el8.1.1+5309+6d656f05
  • supermin-0:5.1.19-10.module+el8.1.1+5309+6d656f05
  • supermin-debuginfo-0:5.1.19-10.module+el8.1.1+5309+6d656f05
  • supermin-debugsource-0:5.1.19-10.module+el8.1.1+5309+6d656f05
  • supermin-devel-0:5.1.19-10.module+el8.1.1+5309+6d656f05
  • swtpm-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-debuginfo-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-debugsource-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-devel-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-libs-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-libs-debuginfo-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-tools-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • swtpm-tools-debuginfo-0:0.2.0-1.20191018git9227cf4.module+el8.1.1+5309+6d656f05
  • virglrenderer-0:0.6.0-5.20180814git491d3b705.module+el8.1.1+5309+6d656f05
  • virglrenderer-devel-0:0.6.0-5.20180814git491d3b705.module+el8.1.1+5309+6d656f05
  • virglrenderer-test-server-0:0.6.0-5.20180814git491d3b705.module+el8.1.1+5309+6d656f05
  • virt-dib-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • virt-dib-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • virt-p2v-maker-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • virt-v2v-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • virt-v2v-debuginfo-1:1.40.2-16.module+el8.1.1+5309+6d656f05
  • qemu-img-rhev-10:2.12.0-44.el7_8.1
  • qemu-kvm-common-rhev-10:2.12.0-44.el7_8.1
  • qemu-kvm-rhev-10:2.12.0-44.el7_8.1
  • qemu-kvm-rhev-debuginfo-10:2.12.0-44.el7_8.1
  • qemu-kvm-tools-rhev-10:2.12.0-44.el7_8.1
  • qemu-img-rhev-10:2.12.0-33.el7_7.10
  • qemu-kvm-common-rhev-10:2.12.0-33.el7_7.10
  • qemu-kvm-rhev-10:2.12.0-33.el7_7.10
  • qemu-kvm-rhev-debuginfo-10:2.12.0-33.el7_7.10
  • qemu-kvm-tools-rhev-10:2.12.0-33.el7_7.10
  • qemu-img-10:1.5.3-167.el7_7.6
  • qemu-kvm-10:1.5.3-167.el7_7.6
  • qemu-kvm-common-10:1.5.3-167.el7_7.6
  • qemu-kvm-debuginfo-10:1.5.3-167.el7_7.6
  • qemu-kvm-tools-10:1.5.3-167.el7_7.6
  • qemu-img-ma-10:2.12.0-33.el7_7.3
  • qemu-kvm-common-ma-10:2.12.0-33.el7_7.3
  • qemu-kvm-ma-10:2.12.0-33.el7_7.3
  • qemu-kvm-ma-debuginfo-10:2.12.0-33.el7_7.3
  • qemu-kvm-tools-ma-10:2.12.0-33.el7_7.3
  • buildah-0:1.11.6-6.module+el8.1.1+5865+cc793d95
  • buildah-debuginfo-0:1.11.6-6.module+el8.1.1+5865+cc793d95
  • buildah-debugsource-0:1.11.6-6.module+el8.1.1+5865+cc793d95
  • buildah-tests-0:1.11.6-6.module+el8.1.1+5865+cc793d95
  • buildah-tests-debuginfo-0:1.11.6-6.module+el8.1.1+5865+cc793d95
  • cockpit-podman-0:11-1.module+el8.1.1+5259+bcdd613a
  • conmon-2:2.0.6-1.module+el8.1.1+5259+bcdd613a
  • container-selinux-2:2.124.0-1.module+el8.1.1+5259+bcdd613a
  • containernetworking-plugins-0:0.8.3-4.module+el8.1.1+5259+bcdd613a
  • containernetworking-plugins-debuginfo-0:0.8.3-4.module+el8.1.1+5259+bcdd613a
  • containernetworking-plugins-debugsource-0:0.8.3-4.module+el8.1.1+5259+bcdd613a
  • containers-common-1:0.1.40-8.module+el8.1.1+5351+506397b0
  • fuse-overlayfs-0:0.7.2-5.module+el8.1.1+6114+953c5a57
  • fuse-overlayfs-debuginfo-0:0.7.2-5.module+el8.1.1+6114+953c5a57
  • fuse-overlayfs-debugsource-0:0.7.2-5.module+el8.1.1+6114+953c5a57
  • podman-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-debuginfo-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-debugsource-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-docker-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-manpages-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-remote-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-remote-debuginfo-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • podman-tests-0:1.6.4-4.module+el8.1.1+5885+44006e55
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.1.1+5259+bcdd613a
  • runc-0:1.0.0-64.rc9.module+el8.1.1+5259+bcdd613a
  • runc-debuginfo-0:1.0.0-64.rc9.module+el8.1.1+5259+bcdd613a
  • runc-debugsource-0:1.0.0-64.rc9.module+el8.1.1+5259+bcdd613a
  • skopeo-1:0.1.40-8.module+el8.1.1+5351+506397b0
  • skopeo-debuginfo-1:0.1.40-8.module+el8.1.1+5351+506397b0
  • skopeo-debugsource-1:0.1.40-8.module+el8.1.1+5351+506397b0
  • skopeo-tests-1:0.1.40-8.module+el8.1.1+5351+506397b0
  • slirp4netns-0:0.4.2-3.git21fdece.module+el8.1.1+5657+524a77d7
  • slirp4netns-debuginfo-0:0.4.2-3.git21fdece.module+el8.1.1+5657+524a77d7
  • slirp4netns-debugsource-0:0.4.2-3.git21fdece.module+el8.1.1+5657+524a77d7
  • toolbox-0:0.0.4-1.module+el8.1.1+4407+ac444e5d
  • udica-0:0.2.1-2.module+el8.1.1+4975+482d6f5d
  • qemu-guest-agent-2:0.12.1.2-2.506.el6_10.7
  • qemu-img-2:0.12.1.2-2.506.el6_10.7
  • qemu-kvm-2:0.12.1.2-2.506.el6_10.7
  • qemu-kvm-debuginfo-2:0.12.1.2-2.506.el6_10.7
  • qemu-kvm-tools-2:0.12.1.2-2.506.el6_10.7
  • qemu-img-rhev-10:2.12.0-18.el7_6.11
  • qemu-kvm-common-rhev-10:2.12.0-18.el7_6.11
  • qemu-kvm-rhev-10:2.12.0-18.el7_6.11
  • qemu-kvm-rhev-debuginfo-10:2.12.0-18.el7_6.11
  • qemu-kvm-tools-rhev-10:2.12.0-18.el7_6.11