SUSE SLES11 Security Update : kvm (SUSE-SU-2020:14396-1)

medium Nessus Plugin ID 150615
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14396-1 advisory.

- In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
(CVE-2019-12068)

- libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890)

- In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. (CVE-2019-6778)

- A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. (CVE-2020-1983)

- tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. (CVE-2020-7039)

- In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. (CVE-2020-8608)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kvm package.

See Also

https://bugzilla.suse.com/1123156

https://bugzilla.suse.com/1146873

https://bugzilla.suse.com/1149811

https://bugzilla.suse.com/1161066

https://bugzilla.suse.com/1163018

https://bugzilla.suse.com/1170940

http://www.nessus.org/u?8719bd2a

https://www.suse.com/security/cve/CVE-2019-12068

https://www.suse.com/security/cve/CVE-2019-15890

https://www.suse.com/security/cve/CVE-2019-6778

https://www.suse.com/security/cve/CVE-2020-1983

https://www.suse.com/security/cve/CVE-2020-7039

https://www.suse.com/security/cve/CVE-2020-8608

Plugin Details

Severity: Medium

ID: 150615

File Name: suse_SU-2020-14396-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-8608

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kvm, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2020

Vulnerability Publication Date: 1/24/2019

Reference Information

CVE: CVE-2019-6778, CVE-2019-12068, CVE-2019-15890, CVE-2020-1983, CVE-2020-7039, CVE-2020-8608

SuSE: SUSE-SU-2020:14396-1