7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%
This update for xen to version 4.11.2 fixes the following issues :
Security issues fixed :
CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
Other issues fixed: Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717).
Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
Fixed an issue where libxenlight could not create new domain (bsc#1131811).
Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2753-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(130197);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id(
"CVE-2018-12126",
"CVE-2018-12127",
"CVE-2018-12130",
"CVE-2019-11091",
"CVE-2019-12068",
"CVE-2019-14378",
"CVE-2019-15890",
"CVE-2019-17340",
"CVE-2019-17341",
"CVE-2019-17342",
"CVE-2019-17343",
"CVE-2019-17344",
"CVE-2019-17345",
"CVE-2019-17346",
"CVE-2019-17347",
"CVE-2019-17348"
);
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_xref(name:"CEA-ID", value:"CEA-2019-0324");
script_name(english:"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2753-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for xen to version 4.11.2 fixes the following issues :
Security issues fixed :
CVE-2019-15890: Fixed a use-after-free in SLiRP networking
implementation of QEMU emulator which could have led to Denial of
Service (bsc#1149813).
CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite
loop and denial of service (bsc#1146874).
CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking
implementation of QEMU emulator which could have led to execution of
arbitrary code with privileges of the QEMU process (bsc#1143797).
Other issues fixed: Fixed an HPS bug which did not allow to install
Windows Server 2016 with 2 CPUs setting or above (bsc#1137717).
Fixed a segmentation fault in Libvrtd during live migration to a VM
(bsc#1145774).
Fixed an issue where libxenlight could not create new domain
(bsc#1131811).
Fixed an issue where attached pci devices were lost after reboot
(bsc#1129642).
Fixed an issue where Xen could not pre-allocate 1 shadow page
(bsc#1145240).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027519");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111331");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126140");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126141");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126192");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126195");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126196");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126197");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126198");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126201");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127400");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138294");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1143797");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145240");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146874");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149813");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12126/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12127/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12130/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11091/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12068/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14378/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15890/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17340/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17341/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17342/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17343/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17344/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17345/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17346/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17347/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17348/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91ab9f99");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2019-2753=1
SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2019-2753=1
SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2019-2753=1");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17346");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-debugsource-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-debuginfo-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-debugsource-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.11.2_02-2.14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xen-libs-debuginfo-4.11.2_02-2.14.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | xen | p-cpe:/a:novell:suse_linux:xen |
novell | suse_linux | xen-debugsource | p-cpe:/a:novell:suse_linux:xen-debugsource |
novell | suse_linux | xen-doc-html | p-cpe:/a:novell:suse_linux:xen-doc-html |
novell | suse_linux | xen-libs | p-cpe:/a:novell:suse_linux:xen-libs |
novell | suse_linux | xen-libs-debuginfo | p-cpe:/a:novell:suse_linux:xen-libs-debuginfo |
novell | suse_linux | xen-tools | p-cpe:/a:novell:suse_linux:xen-tools |
novell | suse_linux | xen-tools-debuginfo | p-cpe:/a:novell:suse_linux:xen-tools-debuginfo |
novell | suse_linux | xen-tools-domu | p-cpe:/a:novell:suse_linux:xen-tools-domu |
novell | suse_linux | xen-tools-domu-debuginfo | p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17348
www.nessus.org/u?91ab9f99
bugzilla.suse.com/show_bug.cgi?id=1027519
bugzilla.suse.com/show_bug.cgi?id=1111331
bugzilla.suse.com/show_bug.cgi?id=1126140
bugzilla.suse.com/show_bug.cgi?id=1126141
bugzilla.suse.com/show_bug.cgi?id=1126192
bugzilla.suse.com/show_bug.cgi?id=1126195
bugzilla.suse.com/show_bug.cgi?id=1126196
bugzilla.suse.com/show_bug.cgi?id=1126197
bugzilla.suse.com/show_bug.cgi?id=1126198
bugzilla.suse.com/show_bug.cgi?id=1126201
bugzilla.suse.com/show_bug.cgi?id=1127400
bugzilla.suse.com/show_bug.cgi?id=1129642
bugzilla.suse.com/show_bug.cgi?id=1131811
bugzilla.suse.com/show_bug.cgi?id=1137717
bugzilla.suse.com/show_bug.cgi?id=1138294
bugzilla.suse.com/show_bug.cgi?id=1143797
bugzilla.suse.com/show_bug.cgi?id=1145240
bugzilla.suse.com/show_bug.cgi?id=1145774
bugzilla.suse.com/show_bug.cgi?id=1146874
bugzilla.suse.com/show_bug.cgi?id=1149813
www.suse.com/security/cve/CVE-2018-12126/
www.suse.com/security/cve/CVE-2018-12127/
www.suse.com/security/cve/CVE-2018-12130/
www.suse.com/security/cve/CVE-2019-11091/
www.suse.com/security/cve/CVE-2019-12068/
www.suse.com/security/cve/CVE-2019-14378/
www.suse.com/security/cve/CVE-2019-15890/
www.suse.com/security/cve/CVE-2019-17340/
www.suse.com/security/cve/CVE-2019-17341/
www.suse.com/security/cve/CVE-2019-17342/
www.suse.com/security/cve/CVE-2019-17343/
www.suse.com/security/cve/CVE-2019-17344/
www.suse.com/security/cve/CVE-2019-17345/
www.suse.com/security/cve/CVE-2019-17346/
www.suse.com/security/cve/CVE-2019-17347/
www.suse.com/security/cve/CVE-2019-17348/
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%