7.2 - USN-1590-1

Executive Summary

Summary
Title	QEMU vulnerability

Informations
Name	USN-1590-1	First vendor Publication	2012-10-02
Vendor	Ubuntu	Last vendor Modification	2012-10-02
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS

Summary:

QEMU could be made to crash or run programs.

Software Description: - qemu-kvm: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.2

Ubuntu 11.10:
qemu-kvm 0.14.1+noroms-0ubuntu6.5

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.7

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.20

After a standard system update you need to restart your virtual machines to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1590-1
CVE-2012-3515

Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20

Original Source

Url : http://www.ubuntu.com/usn/USN-1590-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18182

Oval ID:	oval:org.mitre.oval:def:18182
Title:	USN-1590-1 -- qemu-kvm vulnerability
Description:	QEMU could be made to crash or run programs.
Family:	unix	Class:	patch
Reference(s):	USN-1590-1 CVE-2012-3515	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04	Product(s):	qemu-kvm
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND qemu-kvm DPKG is earlier than 1.0+noroms-0ubuntu14.2 AND Release section Ubuntu 11.10 is installed AND qemu-kvm DPKG is earlier than 0.14.1+noroms-0ubuntu6.5 AND Release section Ubuntu 11.04 is installed AND qemu-kvm DPKG is earlier than 0.14.0+noroms-0ubuntu4.7 AND Release section Ubuntu 10.04 is installed AND qemu-kvm DPKG is earlier than 0.12.3+noroms-0ubuntu9.20

Definition Id: oval:org.mitre.oval:def:18326

Oval ID:	oval:org.mitre.oval:def:18326
Title:	DSA-2542-1 qemu-kvm - multiple
Description:	Multiple vulnerabilities have been discovered in KVM, a full virtualization solution on x86 hardware.
Family:	unix	Class:	patch
Reference(s):	DSA-2542-1 CVE-2012-2652 CVE-2012-3515	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	qemu-kvm
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu-kvm DPKG is earlier than 0.12.5+dfsg-5+squeeze9

Definition Id: oval:org.mitre.oval:def:19980

Oval ID:	oval:org.mitre.oval:def:19980
Title:	DSA-2545-1 qemu - multiple
Description:	Multiple vulnerabilities have been discovered in QEMU, a fast processor emulator.
Family:	unix	Class:	patch
Reference(s):	DSA-2545-1 CVE-2012-2652 CVE-2012-3515	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	qemu
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND qemu DPKG is earlier than 0:0.12.5+dfsg-3squeeze2

Definition Id: oval:org.mitre.oval:def:21145

Oval ID:	oval:org.mitre.oval:def:21145
Title:	RHSA-2012:1236: xen security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1236-00 CESA-2012:1236 CVE-2012-3515	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	xen
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section xen-libs is earlier than 0:3.0.3-135.el5_8.5 AND xen is earlier than 0:3.0.3-135.el5_8.5 AND xen-devel is earlier than 0:3.0.3-135.el5_8.5

Definition Id: oval:org.mitre.oval:def:21464

Oval ID:	oval:org.mitre.oval:def:21464
Title:	RHSA-2012:1235: kvm security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1235-00 CESA-2012:1235 CVE-2012-3515	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	kvm
Definition Synopsis:
Redhat 5 section The operating system installed on the system is Red Hat Enterprise Linux 5 AND Packages section kmod-kvm-debug is earlier than 0:83-249.el5_8.5 AND kvm is earlier than 0:83-249.el5_8.5 AND kmod-kvm is earlier than 0:83-249.el5_8.5 AND kvm-qemu-img is earlier than 0:83-249.el5_8.5 AND kvm-tools is earlier than 0:83-249.el5_8.5 OR Centos 5 section The operating system installed on the system is CentOS Linux 5.x AND Packages section kmod-kvm-debug is earlier than 0:83-249.el5.centos.5 AND kvm is earlier than 0:83-249.el5.centos.5 AND kmod-kvm is earlier than 0:83-249.el5.centos.5 AND kvm-qemu-img is earlier than 0:83-249.el5.centos.5 AND kvm-tools is earlier than 0:83-249.el5.centos.5

Definition Id: oval:org.mitre.oval:def:21575

Oval ID:	oval:org.mitre.oval:def:21575
Title:	RHSA-2012:1234: qemu-kvm security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1234-01 CESA-2012:1234 CVE-2012-3515	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section qemu-kvm is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-img is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-kvm-tools is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-guest-agent is earlier than 2:0.12.1.2-2.295.el6_3.2

Definition Id: oval:org.mitre.oval:def:22862

Oval ID:	oval:org.mitre.oval:def:22862
Title:	ELSA-2012:1235: kvm security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1235-00 CVE-2012-3515	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	kvm
Definition Synopsis:
Oracle Linux 5.x rpm test kmod-kvm-debug is earlier than 0:83-249.el5_8.5 AND kvm is earlier than 0:83-249.el5_8.5 AND kmod-kvm is earlier than 0:83-249.el5_8.5 AND kvm-qemu-img is earlier than 0:83-249.el5_8.5 AND kvm-tools is earlier than 0:83-249.el5_8.5

Definition Id: oval:org.mitre.oval:def:22996

Oval ID:	oval:org.mitre.oval:def:22996
Title:	ELSA-2012:1236: xen security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1236-00 CVE-2012-3515	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	xen
Definition Synopsis:
Oracle Linux 5.x rpm test xen-libs is earlier than 0:3.0.3-135.el5_8.5 AND xen is earlier than 0:3.0.3-135.el5_8.5 AND xen-devel is earlier than 0:3.0.3-135.el5_8.5

Definition Id: oval:org.mitre.oval:def:23955

Oval ID:	oval:org.mitre.oval:def:23955
Title:	ELSA-2012:1234: qemu-kvm security update (Important)
Description:	Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1234-01 CVE-2012-3515	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 6.x rpm test qemu-kvm is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-img is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-kvm-tools is earlier than 2:0.12.1.2-2.295.el6_3.2 AND qemu-guest-agent is earlier than 2:0.12.1.2-2.295.el6_3.2

Definition Id: oval:org.mitre.oval:def:27565

Oval ID:	oval:org.mitre.oval:def:27565
Title:	DEPRECATED: ELSA-2012-1235 -- kvm security update (important)
Description:	[83-249.0.1.el5_8.5] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [83-249.el5_8.5] - kvm-console-bounds-check-whenever-changing-the-cursor-du-58.patch [bz#851255] - CVE: CVE-2012-3515 - Resolves: bz#851255 (EMBARGOED CVE-2012-3515 qemu/kvm: VT100 emulation vulnerability [rhel-5.8.z])
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1235 CVE-2012-3515	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	kvm
Definition Synopsis:
Oracle Linux 5.x Packages match section kvm is earlier than 0:83-249.0.1.el5_8.5 AND kmod-kvm is earlier than 0:83-249.0.1.el5_8.5 AND kmod-kvm-debug is earlier than 0:83-249.0.1.el5_8.5 AND kvm-qemu-img is earlier than 0:83-249.0.1.el5_8.5 AND kvm-tools is earlier than 0:83-249.0.1.el5_8.5

Definition Id: oval:org.mitre.oval:def:27721

Oval ID:	oval:org.mitre.oval:def:27721
Title:	DEPRECATED: ELSA-2012-1234 -- qemu-kvm security update (important)
Description:	[0.12.1.2-2.295.el6_3.2] - kvm-console-bounds-check-whenever-changing-the-cursor-du.patch [bz#851257 - Resolves: bz#851257 (EMBARGOED CVE-2012-3515 qemu/kvm: VT100 emulation vulnerability [rhel-6.3.z])
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1234 CVE-2012-3515	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	qemu-kvm
Definition Synopsis:
Oracle Linux 6.x Packages match section qemu-kvm is earlier than 0:0.12.1.2-2.295.el6_3.2 AND qemu-guest-agent is earlier than 0:0.12.1.2-2.295.el6_3.2 AND qemu-img is earlier than 0:0.12.1.2-2.295.el6_3.2 AND qemu-kvm-tools is earlier than 0:0.12.1.2-2.295.el6_3.2

Definition Id: oval:org.mitre.oval:def:27797

Oval ID:	oval:org.mitre.oval:def:27797
Title:	DEPRECATED: ELSA-2012-1236 -- xen security update (important)
Description:	[3.0.3-135.el5_8.5] - console: Prevent escape sequence length overflow (rhbz 851253)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1236 CVE-2012-3515	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	xen
Definition Synopsis:
Oracle Linux 5.x Packages match section xen is earlier than 0:3.0.3-135.el5_8.5 AND xen-devel is earlier than 0:3.0.3-135.el5_8.5 AND xen-libs is earlier than 0:3.0.3-135.el5_8.5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Qemu cpe:2.3:a:qemu:qemu:1.1.2:::::::* cpe:2.3:a:qemu:qemu:1.1.1:::::::* cpe:2.3:a:qemu:qemu:1.1:rc4:::::: cpe:2.3:a:qemu:qemu:1.1:rc1:::::: cpe:2.3:a:qemu:qemu:1.1:rc2:::::: cpe:2.3:a:qemu:qemu:1.1:rc3:::::: cpe:2.3:a:qemu:qemu:1.1:-:::::: cpe:2.3:a:qemu:qemu:1.0.1:::::::* cpe:2.3:a:qemu:qemu:1.0:rc3:::::: cpe:2.3:a:qemu:qemu:1.0:rc2:::::: cpe:2.3:a:qemu:qemu:1.0:rc1:::::: cpe:2.3:a:qemu:qemu:1.0:rc4:::::: cpe:2.3:a:qemu:qemu:1.0:-:::::: cpe:2.3:a:qemu:qemu:1:2.1+dfsg-12+deb8u6:::::::* cpe:2.3:a:qemu:qemu:1:2.8+dfsg-6+deb9u8:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8+deb10u2:::::::* cpe:2.3:a:qemu:qemu:1:3.1+dfsg-8~deb10u1:::::::* cpe:2.3:a:qemu:qemu:1:4.1-1:::::::* cpe:2.3:a:qemu:qemu:0.9.1-5:::::::* cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.15.2:::::::* cpe:2.3:a:qemu:qemu:0.15.1:::::::* cpe:2.3:a:qemu:qemu:0.15.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.15.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.15.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.1:::::::* cpe:2.3:a:qemu:qemu:0.14.0:-:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.14.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.13.0:-:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.13.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.12.5:::::::* cpe:2.3:a:qemu:qemu:0.12.4:::::::* cpe:2.3:a:qemu:qemu:0.12.3:::::::* cpe:2.3:a:qemu:qemu:0.12.2:::::::* cpe:2.3:a:qemu:qemu:0.12.1:::::::* cpe:2.3:a:qemu:qemu:0.12.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.12.0:-:::::: cpe:2.3:a:qemu:qemu:0.12.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc2:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc1:::::::* cpe:2.3:a:qemu:qemu:0.11.0-rc0:::::::* cpe:2.3:a:qemu:qemu:0.11.0:rc1:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc0:::::: cpe:2.3:a:qemu:qemu:0.11.0:rc2:::::: cpe:2.3:a:qemu:qemu:0.11.0:-:::::: cpe:2.3:a:qemu:qemu:0.10.6:::::::* cpe:2.3:a:qemu:qemu:0.10.5:::::::* cpe:2.3:a:qemu:qemu:0.10.4:::::::* cpe:2.3:a:qemu:qemu:0.10.3:::::::* cpe:2.3:a:qemu:qemu:0.10.2:::::::* cpe:2.3:a:qemu:qemu:0.10.1:::::::* cpe:2.3:a:qemu:qemu:0.10.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	87
Application	Redhat Virtualization cpe:2.3:a:redhat:virtualization:6.0:::::::* cpe:2.3:a:redhat:virtualization:5.0:::::::*	2
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::* cpe:2.3:o:debian:debian_linux:6.0:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:12.2:::::::* cpe:2.3:o:opensuse:opensuse:12.1:::::::* cpe:2.3:o:opensuse:opensuse:11.4:::::::*	3
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*	2
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*	2
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*	2
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:::::: cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::	2
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::* cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::* cpe:2.3:o:suse:linux_enterprise_server:10:sp2:::::: cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::* cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::	6
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::	2
Os	Xen cpe:2.3:o:xen:xen:4.1.0:::::::* cpe:2.3:o:xen:xen:4.0.0:::::::*	2

OpenVAS Exploits

Date	Description
2012-12-18	Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14	Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13	Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN) File : nvt/gb_suse_2012_1572_1.nasl
2012-12-13	Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security) File : nvt/gb_suse_2012_1174_1.nasl
2012-12-13	Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security) File : nvt/gb_suse_2012_1172_1.nasl
2012-12-13	Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu) File : nvt/gb_suse_2012_1170_1.nasl
2012-11-23	Name : Fedora Update for xen FEDORA-2012-18249 File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23	Name : Fedora Update for xen FEDORA-2012-18242 File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15	Name : Fedora Update for xen FEDORA-2012-17408 File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-15	Name : Fedora Update for xen FEDORA-2012-17204 File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-10-19	Name : Fedora Update for qemu FEDORA-2012-15606 File : nvt/gb_fedora_2012_15606_qemu_fc16.nasl
2012-10-16	Name : Fedora Update for qemu FEDORA-2012-15740 File : nvt/gb_fedora_2012_15740_qemu_fc17.nasl
2012-10-03	Name : Ubuntu Update for qemu-kvm USN-1590-1 File : nvt/gb_ubuntu_USN_1590_1.nasl
2012-09-22	Name : Fedora Update for xen FEDORA-2012-13443 File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-09-22	Name : Fedora Update for xen FEDORA-2012-13434 File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-15	Name : Debian Security Advisory DSA 2545-1 (qemu) File : nvt/deb_2545_1.nasl
2012-09-15	Name : Debian Security Advisory DSA 2543-1 (xen-qemu-dm-4.0) File : nvt/deb_2543_1.nasl
2012-09-15	Name : Debian Security Advisory DSA 2542-1 (qemu-kvm) File : nvt/deb_2542_1.nasl
2012-09-07	Name : RedHat Update for xen RHSA-2012:1236-01 File : nvt/gb_RHSA-2012_1236-01_xen.nasl
2012-09-07	Name : RedHat Update for qemu-kvm RHSA-2012:1234-01 File : nvt/gb_RHSA-2012_1234-01_qemu-kvm.nasl
2012-09-07	Name : CentOS Update for xen CESA-2012:1236 centos5 File : nvt/gb_CESA-2012_1236_xen_centos5.nasl
2012-09-07	Name : CentOS Update for kmod-kvm CESA-2012:1235 centos5 File : nvt/gb_CESA-2012_1235_kmod-kvm_centos5.nasl
2012-09-07	Name : CentOS Update for qemu-guest-agent CESA-2012:1234 centos6 File : nvt/gb_CESA-2012_1234_qemu-guest-agent_centos6.nasl

Nessus® Vulnerability Scanner

Date	Description
2016-04-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201604-03.nasl - Type : ACT_GATHER_INFO
2016-01-06	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13405416.nasl - Type : ACT_GATHER_INFO
2015-06-12	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2012-0048.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2012-0046.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2012-0040.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2012-0039.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1262.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1233.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-591.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-596.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-597.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-598.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-599.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-811.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-812.nasl - Type : ACT_GATHER_INFO
2013-09-28	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-24.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1236.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1235.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1234.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-121.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201209-120829.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201209-120831.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-120831.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1234.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1235.nasl - Type : ACT_GATHER_INFO
2012-10-17	Name : The remote Fedora host is missing a security update. File : fedora_2012-15606.nasl - Type : ACT_GATHER_INFO
2012-10-15	Name : The remote Fedora host is missing a security update. File : fedora_2012-15740.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1590-1.nasl - Type : ACT_GATHER_INFO
2012-09-18	Name : The remote Fedora host is missing a security update. File : fedora_2012-13443.nasl - Type : ACT_GATHER_INFO
2012-09-10	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xen-201209-8268.nasl - Type : ACT_GATHER_INFO
2012-09-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2545.nasl - Type : ACT_GATHER_INFO
2012-09-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2543.nasl - Type : ACT_GATHER_INFO
2012-09-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2542.nasl - Type : ACT_GATHER_INFO
2012-09-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1234.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120905_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1236.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120905_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120905_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1236.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1235.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:00:49	Multiple Updates
2012-11-26 21:19:51	Multiple Updates
2012-11-24 00:24:39	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	12
CPE ID(s)	117
Openvas Exploit(s)	23
Nessus® Exploit(s)	42

	Related
7.2	CVE-2012-3515
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.2 - USN-1590-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU