Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-1364.NASLHistoryNov 11, 2018 - 12:00 a.m.
openSUSE Security Update : qemu (openSUSE-2018-1364) (Spectre)
2018-11-1100:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.141 Low
EPSS
Percentile
95.7%
This update for qemu fixes the following issues :
These security issues were fixed :
-
CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735).
-
CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223).
With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885).
This feature was added :
- Add support for block resize support for disks through the monitor (bsc#1094725).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1364.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(118870);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2018-11806", "CVE-2018-12617", "CVE-2018-3639");
script_name(english:"openSUSE Security Update : qemu (openSUSE-2018-1364) (Spectre)");
script_summary(english:"Check for the openSUSE-2018-1364 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for qemu fixes the following issues :
These security issues were fixed :
- CVE-2018-12617: qmp_guest_file_read had an integer
overflow that could have been exploited by sending a
crafted QMP command (including guest-file-read with a
large count value) to the agent via the listening socket
causing DoS (bsc#1098735).
- CVE-2018-11806: Prevent heap-based buffer overflow via
incoming fragmented datagrams (bsc#1096223).
With this release the mitigations for Spectre v4 are moved the the
patches from upstream (CVE-2018-3639, bsc#1092885).
This feature was added :
- Add support for block resize support for disks through
the monitor (bsc#1094725).
This update was imported from the SUSE:SLE-12-SP3:Update update
project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092885"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094725"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096223"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098735"
);
# https://features.opensuse.org/325467
script_set_attribute(
attribute:"see_also",
value:"https://features.opensuse.org/"
);
script_set_attribute(attribute:"solution", value:"Update the affected qemu packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ipxe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ksm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-seabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-sgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-testsuite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-vgabios");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2018/11/09");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-ipxe-1.0.0-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-linux-user-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-linux-user-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-linux-user-debugsource-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-seabios-1.10.2-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-sgabios-8-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"qemu-vgabios-1.10.2-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-arm-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-arm-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-curl-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-curl-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-dmg-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-dmg-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-iscsi-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-iscsi-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-rbd-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-rbd-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-ssh-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-block-ssh-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-debugsource-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-extra-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-extra-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-guest-agent-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-guest-agent-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-ksm-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-kvm-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-lang-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-ppc-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-ppc-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-s390-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-s390-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-testsuite-2.9.1-47.2") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-tools-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-tools-debuginfo-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-x86-2.9.1-47.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"qemu-x86-debuginfo-2.9.1-47.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-linux-user / qemu-linux-user-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | qemu | p-cpe:/a:novell:opensuse:qemu |
| novell | opensuse | qemu-arm | p-cpe:/a:novell:opensuse:qemu-arm |
| novell | opensuse | qemu-arm-debuginfo | p-cpe:/a:novell:opensuse:qemu-arm-debuginfo |
| novell | opensuse | qemu-block-curl | p-cpe:/a:novell:opensuse:qemu-block-curl |
| novell | opensuse | qemu-block-curl-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo |
| novell | opensuse | qemu-block-dmg | p-cpe:/a:novell:opensuse:qemu-block-dmg |
| novell | opensuse | qemu-block-dmg-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo |
| novell | opensuse | qemu-block-iscsi | p-cpe:/a:novell:opensuse:qemu-block-iscsi |
| novell | opensuse | qemu-block-iscsi-debuginfo | p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo |
| novell | opensuse | qemu-block-rbd | p-cpe:/a:novell:opensuse:qemu-block-rbd |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
bugzilla.opensuse.org/show_bug.cgi?id=1092885
bugzilla.opensuse.org/show_bug.cgi?id=1094725
bugzilla.opensuse.org/show_bug.cgi?id=1096223
bugzilla.opensuse.org/show_bug.cgi?id=1098735
features.opensuse.org/
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2615-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2973-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2556-1)
2021-04-19 00:00:00
nessus
nessus
SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2650-1) (Spectre)
2018-09-10 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre)
2018-10-03 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre)
2018-08-31 00:00:00
suse
suse
Security update for qemu (moderate)
2018-11-10 00:23:53
Security update for qemu (moderate)
2018-08-17 12:15:11
Security update for qemu (moderate)
2018-09-12 12:07:50
fedora
fedora
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28
2019-05-21 01:14:13
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
zdi
zdi
redhat
redhat
(RHSA-2018:2762) Important: qemu-kvm-ma security update
2018-09-25 17:29:48
(RHSA-2018:2822) Important: qemu-kvm-rhev security update
2018-09-27 18:00:00
(RHSA-2018:2887) Important: qemu-kvm-rhev security update
2018-10-09 10:53:35
ubuntucve
ubuntucve
CVE-2018-11806
2018-06-13 00:00:00
CVE-2018-12617
2018-06-21 00:00:00
redhatcve
redhatcve
CVE-2018-12617
2020-03-17 07:33:51
CVE-2018-11806
2019-10-31 22:26:58
zdt
zdt
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
2018-06-22 00:00:00
cvelist
cvelist
CVE-2018-11806
2018-06-13 16:00:00
CVE-2018-12617
2018-06-21 18:00:00
nvd
nvd
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:01
debiancve
debiancve
cve
cve
CVE-2018-12617
2018-06-21 18:29:00
CVE-2018-11806
2018-06-13 16:29:01
veracode
veracode
Integer Overflow
2020-09-21 06:24:34
Denial Of Service (DoS)
2019-01-15 09:26:12
prion
prion
Integer overflow
2018-06-21 18:29:00
Heap overflow
2018-06-13 16:29:00
exploitpack
exploitpack
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
packetstorm
packetstorm
QEMU Guest Agent 2.12.50 Denial Of Service
2018-06-22 00:00:00
osv
osv
CVE-2018-11806
2018-06-13 16:29:01
f5
f5
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
exploitdb
exploitdb
QEMU Guest Agent 2.12.50 - Denial of Service
2018-06-22 00:00:00
centos
centos
kernel, perf, python security update
2018-05-22 15:35:50
java security update
2018-05-22 15:32:03
java security update
2018-05-22 15:30:51
virtuozzo
virtuozzo
ibm
ibm
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
oraclelinux
oraclelinux
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
java-1.7.0-openjdk security update
2018-05-22 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-07-27 21:57:40
alpinelinux
alpinelinux
CVE-2018-3639
2018-05-22 12:29:00
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
ubuntu
ubuntu
QEMU update
2018-05-21 00:00:00
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.141 Low
EPSS
Percentile
95.7%
Related for OPENSUSE-2018-1364.NASL