9.3 - USN-2891-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	QEMU vulnerabilities

Informations
Name	USN-2891-1	First vendor Publication	2016-02-03
Vendor	Ubuntu	Last vendor Modification	2016-02-03
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer

Details:

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)

Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2015-8558)

Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)

Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)

Ling Liu discovered that QEMU incorrectly handled the Human Monitor Interface. A local attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)

David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset emulation when performing VM guest migrations. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)

Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2015-8743)

It was discovered that QEMU incorrectly handled the vmxnet3 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)

Qinghao Tang discovered that QEMU incorrect handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1568)

Donghai Zhu discovered that QEMU incorrect handled the firmware configuration device. An attacker inside the guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-1714)

It was discovered that QEMU incorrectly handled the e1000 device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-1981)

Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 15.10. (CVE-2016-2197)

Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-2198)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
qemu-system 1:2.3+dfsg-5ubuntu9.2
qemu-system-aarch64 1:2.3+dfsg-5ubuntu9.2
qemu-system-arm 1:2.3+dfsg-5ubuntu9.2
qemu-system-mips 1:2.3+dfsg-5ubuntu9.2
qemu-system-misc 1:2.3+dfsg-5ubuntu9.2
qemu-system-ppc 1:2.3+dfsg-5ubuntu9.2
qemu-system-sparc 1:2.3+dfsg-5ubuntu9.2
qemu-system-x86 1:2.3+dfsg-5ubuntu9.2

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.22
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.22
qemu-system-arm 2.0.0+dfsg-2ubuntu1.22
qemu-system-mips 2.0.0+dfsg-2ubuntu1.22
qemu-system-misc 2.0.0+dfsg-2ubuntu1.22
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.22
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.22
qemu-system-x86 2.0.0+dfsg-2ubuntu1.22

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.27

After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2891-1
CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558,
CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619,
CVE-2015-8666, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745,
CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981,
CVE-2016-2197, CVE-2016-2198

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu9.2
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.22
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.27

Original Source

Url : http://www.ubuntu.com/usn/USN-2891-1

CWE : Common Weakness Enumeration

%	Id	Name
24 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
24 %	CWE-476	NULL Pointer Dereference
6 %	CWE-772	Missing Release of Resource after Effective Lifetime
6 %	CWE-617	Reachable Assertion
6 %	CWE-416	Use After Free
6 %	CWE-401	Failure to Release Memory Before Removing Last Reference ('Memory Leak')
6 %	CWE-369	Divide By Zero
6 %	CWE-284	Access Control (Authorization) Issues
6 %	CWE-125	Out-of-bounds Read
6 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
6 %	CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Qemu cpe:2.3:a:qemu:qemu:2.6.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.6.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.6.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.6.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.6.0:rc4:::::: cpe:2.3:a:qemu:qemu:2.5.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.5.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.5.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.5.0:-:::::: cpe:2.3:a:qemu:qemu:2.4.0:-:::::: cpe:2.3:a:qemu:qemu:2.4.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.4.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.3.1:::::::* cpe:2.3:a:qemu:qemu:2.3.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.3.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.3.0:-:::::: cpe:2.3:a:qemu:qemu:2.2.1:::::::* cpe:2.3:a:qemu:qemu:2.2.0:-:::::: cpe:2.3:a:qemu:qemu:2.1.3:::::::* cpe:2.3:a:qemu:qemu:2.1.2:r1:::::: cpe:2.3:a:qemu:qemu:2.1.2:::::::* cpe:2.3:a:qemu:qemu:2.1.1:::::::* cpe:2.3:a:qemu:qemu:2.1.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc5:::::: cpe:2.3:a:qemu:qemu:2.1.0:-:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.1.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.2:::::::* cpe:2.3:a:qemu:qemu:2.0.0:rc0:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc2:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc3:::::: cpe:2.3:a:qemu:qemu:2.0.0:rc1:::::: cpe:2.3:a:qemu:qemu:2.0.0:-:::::: cpe:2.3:a:qemu:qemu:1.7.1:::::::* cpe:2.3:a:qemu:qemu:1.6.2:::::::* cpe:2.3:a:qemu:qemu:1.6.1:::::::* cpe:2.3:a:qemu:qemu:1.6.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.6.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.6.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.3:::::::* cpe:2.3:a:qemu:qemu:1.5.2:::::::* cpe:2.3:a:qemu:qemu:1.5.1:::::::* cpe:2.3:a:qemu:qemu:1.5.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.5.0:-:::::: cpe:2.3:a:qemu:qemu:1.5.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.4.2:::::::* cpe:2.3:a:qemu:qemu:1.4.1:::::::* cpe:2.3:a:qemu:qemu:1.4.0:-:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.4.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.1:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.3.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.3.0:::::::* cpe:2.3:a:qemu:qemu:1.3.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.2:::::::* cpe:2.3:a:qemu:qemu:1.2.1:::::::* cpe:2.3:a:qemu:qemu:1.2.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc0:::::: cpe:2.3:a:qemu:qemu:1.2.0:-:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.2.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.1.2:::::::* cpe:2.3:a:qemu:qemu:1.1.1:::::::* cpe:2.3:a:qemu:qemu:1.1:rc4:::::: cpe:2.3:a:qemu:qemu:1.1:rc1:::::: cpe:2.3:a:qemu:qemu:1.1:rc2:::::: cpe:2.3:a:qemu:qemu:1.1:rc3:::::: cpe:2.3:a:qemu:qemu:1.1:-:::::: cpe:2.3:a:qemu:qemu:1.0.1:::::::* cpe:2.3:a:qemu:qemu:1.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.0:rc4:::::: cpe:2.3:a:qemu:qemu:1.0:-:::::: cpe:2.3:a:qemu:qemu:1:2.1+dfsg-12+deb8u6:::::::* cpe:2.3:a:qemu:qemu:1:2.8+dfsg-6+deb9u8:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8+deb10u2:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8~deb10u1:::::::* cpe:2.3:a:qemu:qemu:1:4.1-1:::::::* cpe:2.3:a:qemu:qemu:0.9.1-5:::::::* cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.15.2:::::::* cpe:2.3:a:qemu:qemu:0.15.1:::::::* cpe:2.3:a:qemu:qemu:0.15.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.15.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.15.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.1:::::::* cpe:2.3:a:qemu:qemu:0.14.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.13.0:-:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.12.5:::::::* cpe:2.3:a:qemu:qemu:0.12.4:::::::* cpe:2.3:a:qemu:qemu:0.12.3:::::::* cpe:2.3:a:qemu:qemu:0.12.2:::::::* cpe:2.3:a:qemu:qemu:0.12.1:::::::* cpe:2.3:a:qemu:qemu:0.12.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.12.0:-:::::: cpe:2.3:a:qemu:qemu:0.12.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc2:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc0:::::::* cpe:2.3:a:qemu:qemu:0.11.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.0:-:::::: cpe:2.3:a:qemu:qemu:0.10.6:::::::* cpe:2.3:a:qemu:qemu:0.10.5:::::::* cpe:2.3:a:qemu:qemu:0.10.4:::::::* cpe:2.3:a:qemu:qemu:0.10.3:::::::* cpe:2.3:a:qemu:qemu:0.10.2:::::::* cpe:2.3:a:qemu:qemu:0.10.1:::::::* cpe:2.3:a:qemu:qemu:0.10.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	152
Application	Redhat Openstack cpe:2.3:a:redhat:openstack:7.0:::::::* cpe:2.3:a:redhat:openstack:6.0:::::::* cpe:2.3:a:redhat:openstack:5.0:::::::*	3
Application	Suse Linux Enterprise Debuginfo cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:23:::::::* cpe:2.3:o:fedoraproject:fedora:22:::::::*	2
Os	Novell Suse Linux Enterprise Real Time Extension cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1::::::	1
Os	Opensuse Leap cpe:2.3:o:opensuse:leap:42.1:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::*	1
Os	Oracle Linux cpe:2.3:o:oracle:linux:7:::::::* cpe:2.3:o:oracle:linux:6:::::::*	2
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:12:-:::::: cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::	3
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_server:12:-:::::: cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::	3
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::	3
Os	Xen cpe:2.3:o:xen:xen:-:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2018-09-07	Name : The remote Debian host is missing a security update. File : debian_DLA-1497.nasl - Type : ACT_GATHER_INFO
2017-05-01	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1066.nasl - Type : ACT_GATHER_INFO
2016-12-15	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20161103_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-11-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-2585.nasl - Type : ACT_GATHER_INFO
2016-11-11	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-2585.nasl - Type : ACT_GATHER_INFO
2016-11-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-2585.nasl - Type : ACT_GATHER_INFO
2016-10-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1170.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1698-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1703-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1785-1.nasl - Type : ACT_GATHER_INFO
2016-07-28	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0089.nasl - Type : ACT_GATHER_INFO
2016-07-14	Name : The remote Fedora host is missing a security update. File : fedora_2016-f2b1f07256.nasl - Type : ACT_GATHER_INFO
2016-07-14	Name : The remote Fedora host is missing a security update. File : fedora_2016-a3298e39f7.nasl - Type : ACT_GATHER_INFO
2016-07-08	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-839.nasl - Type : ACT_GATHER_INFO
2016-06-22	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1560-1.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO
2016-05-31	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL75248350.nasl - Type : ACT_GATHER_INFO
2016-05-25	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0051.nasl - Type : ACT_GATHER_INFO
2016-05-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO
2016-05-18	Name : The remote Debian host is missing a security update. File : debian_DLA-479.nasl - Type : ACT_GATHER_INFO
2016-05-04	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1203-1.nasl - Type : ACT_GATHER_INFO
2016-04-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO
2016-04-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201604-03.nasl - Type : ACT_GATHER_INFO
2016-04-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201604-01.nasl - Type : ACT_GATHER_INFO
2016-04-01	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0911-1.nasl - Type : ACT_GATHER_INFO
2016-04-01	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO
2016-03-25	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO
2016-03-21	Name : The remote Fedora host is missing a security update. File : fedora_2016-38b20aa50f.nasl - Type : ACT_GATHER_INFO
2016-03-21	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3519.nasl - Type : ACT_GATHER_INFO
2016-03-21	Name : The remote Fedora host is missing a security update. File : fedora_2016-f4504e9445.nasl - Type : ACT_GATHER_INFO
2016-03-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0658-1.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-d8253e2b1d.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-e9bba2bb01.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-e1784417af.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-be042f7e6f.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-b49aaf2c56.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-890e612f52.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-42778e8c82.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-2c15b72b01.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-275e9ff483.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-c44bd3e0fa.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-b406a8e4f2.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-b2e8518b8e.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-12a089920e.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-08e4af5a20.nasl - Type : ACT_GATHER_INFO
2016-02-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0585-1.nasl - Type : ACT_GATHER_INFO
2016-02-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3471.nasl - Type : ACT_GATHER_INFO
2016-02-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3470.nasl - Type : ACT_GATHER_INFO
2016-02-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3469.nasl - Type : ACT_GATHER_INFO
2016-02-08	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-136.nasl - Type : ACT_GATHER_INFO
2016-02-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201602-01.nasl - Type : ACT_GATHER_INFO
2016-02-04	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2891-1.nasl - Type : ACT_GATHER_INFO
2016-02-03	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-124.nasl - Type : ACT_GATHER_INFO
2016-02-03	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-116.nasl - Type : ACT_GATHER_INFO
2016-02-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0083.nasl - Type : ACT_GATHER_INFO
2016-02-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0082.nasl - Type : ACT_GATHER_INFO
2016-02-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0081.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0082.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0082.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0083.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0083.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160128_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160128_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-01-25	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-36.nasl - Type : ACT_GATHER_INFO
2016-01-25	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-35.nasl - Type : ACT_GATHER_INFO
2016-01-25	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-34.nasl - Type : ACT_GATHER_INFO
2016-01-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0168-1.nasl - Type : ACT_GATHER_INFO
2016-01-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3434.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b3f9f8efb1bb11e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_152acff3b1bd11e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3fb06284b1b711e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_60cb2055b1b811e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_62ab8707b1bc11e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_67feba97b1b511e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-01-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9ad8993eb1ba11e59728002590263bf5.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2847-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2848-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2849-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2850-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2851-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2853-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2854-1.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2846-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-11-04 09:25:51	Multiple Updates
2017-04-13 21:24:39	Multiple Updates
2017-01-04 12:03:45	Multiple Updates
2016-05-24 00:35:48	Multiple Updates
2016-04-18 21:29:58	Multiple Updates
2016-04-14 21:30:37	Multiple Updates
2016-04-12 09:30:09	Multiple Updates
2016-04-11 17:27:31	Multiple Updates
2016-04-08 00:27:33	Multiple Updates
2016-02-05 13:27:44	Multiple Updates
2016-02-03 17:29:20	Multiple Updates
2016-02-03 17:24:48	First insertion

Global Informations

Type	Count
CWE ID(s)	17
CPE ID(s)	178
Nessus® Exploit(s)	87

	Related
8.8	CVE-2016-1568
8.2	CVE-2015-8550
8.1	CVE-2016-1714
7.9	CVE-2015-8666
7.7	CVE-2015-8567
7.5	CVE-2015-8619
7.1	CVE-2015-8743
6.5	CVE-2015-8613
6.5	CVE-2015-8568
6.5	CVE-2015-8504
6	CVE-2015-7549
5.5	CVE-2016-2198
5.5	CVE-2016-2197
5.5	CVE-2016-1981
5.5	CVE-2016-1922
5.5	CVE-2015-8745
5.5	CVE-2015-8744
5.5	CVE-2015-8558
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 18 more Alert(s)

9.3 - USN-2891-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU