ID CVE-2018-5748
Summary qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
References
Vulnerable Configurations
  • Red Hat libvirt
    cpe:2.3:a:redhat:libvirt
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Red Hat Virtualization 4.0
    cpe:2.3:o:redhat:virtualization:4.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-400
CAPEC
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-08 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-25
    plugin id 108929
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108929
    title GLSA-201804-08 : QEMU: Multiple vulnerabilities (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1295-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes : - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109861
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109861
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1295-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0279-1.NASL
    description This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177) - schema: Make disk driver name attribute optional. (bsc#1073973) - virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887) - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130) - s390: Fix missing host cpu model info. (bsc#1065766) - cpu: Add new EPYC CPU model. (bsc#1052825, fate#324038) - pci: Fix the detection of the link's maximum speed. (bsc#1064947) - nodedev: Increase the netlink socket buffer size. (bsc#1035442) - storage: Fix a race between the volume creation and the pool refresh. (bsc#1062571) - daemon: Drop the minsize directive from hypervisor logrotate files. (bsc#1062760) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106526
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106526
    title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0279-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3576-1.NASL
    description Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106928
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106928
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-07 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A local privileged attacker could execute arbitrary commands or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 108928
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108928
    title GLSA-201804-07 : libvirt: Multiple vulnerabilities
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1277.NASL
    description According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117585
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117585
    title EulerOS Virtualization 2.5.0 : libvirt (EulerOS-SA-2018-1277)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180515_LIBVIRT_ON_SL7_X.NASL
    description Security Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) The CVE-2018-1064 issue was discovered by Daniel P. Berrang (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : - Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. - In Scientific Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. - The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. - Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 109853
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109853
    title Scientific Linux Security Update : libvirt on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0838-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). - CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500). Non-security issues fixed : - bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4. - bsc#1055365: Improve performance when listing hundreds of interfaces. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108745
    published 2018-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108745
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:0838-1) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1253.NASL
    description According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117562
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117562
    title EulerOS Virtualization 2.5.1 : libvirt (EulerOS-SA-2018-1253)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-115.NASL
    description This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177) - schema: Make disk driver name attribute optional. (bsc#1073973) - virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887) - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130) - s390: Fix missing host cpu model info. (bsc#1065766) - cpu: Add new EPYC CPU model. (bsc#1052825, fate#324038) - pci: Fix the detection of the link's maximum speed. (bsc#1064947) - nodedev: Increase the netlink socket buffer size. (bsc#1035442) - storage: Fix a race between the volume creation and the pool refresh. (bsc#1062571) - daemon: Drop the minsize directive from hypervisor logrotate files. (bsc#1062760) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 106546
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106546
    title openSUSE Security Update : libvirt (openSUSE-2018-115)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0385-1.NASL
    description This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177) - schema: Make disk driver name attribute optional. (bsc#1073973) - virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887) - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106674
    published 2018-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106674
    title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0385-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1197.NASL
    description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110861
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110861
    title EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1315.NASL
    description Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources. For Debian 7 'Wheezy', these problems have been fixed in version 0.9.12.3-1+deb7u3. We recommend that you upgrade your libvirt packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 108605
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108605
    title Debian DLA-1315-1 : libvirt security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1929.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110606
    published 2018-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110606
    title RHEL 6 : libvirt (RHSA-2018:1929)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1049.NASL
    description An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 111336
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111336
    title Amazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1929.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110651
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110651
    title CentOS 6 : libvirt (CESA-2018:1929)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4137.NASL
    description Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library : - CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service. - CVE-2018-5748 Daniel Berrange and Peter Krempa discovered that the QEMU monitor was susceptible to denial of service by memory exhaustion. This was already fixed in Debian stretch and only affects Debian jessie. - CVE-2018-6764 Pedro Sampaio discovered that LXC containers detected the hostname insecurely. This only affects Debian stretch.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108346
    published 2018-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108346
    title Debian DSA-4137-1 : libvirt - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1396.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109833
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109833
    title RHEL 7 : libvirt (RHSA-2018:1396)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1396.NASL
    description From Red Hat Security Advisory 2018:1396 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-05-16
    plugin id 109808
    published 2018-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109808
    title Oracle Linux 7 : libvirt (ELSA-2018-1396)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1396.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110247
    published 2018-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110247
    title CentOS 7 : libvirt (CESA-2018:1396)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1929.NASL
    description From Red Hat Security Advisory 2018:1929 : An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 110706
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110706
    title Oracle Linux 6 : libvirt (ELSA-2018-1929)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180619_LIBVIRT_ON_SL6_X.NASL
    description Security Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110888
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110888
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2082-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111434
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111434
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2082-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2141-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). Bug fixes : - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services. - bsc#956298: virsh domxml-to-native causes segfault of libvirtd. - bsc#964465: libvirtd.service causes systemd warning about xencommons service. - bsc#954872: Script block-dmmd not working as expected. - bsc#854343: libvirt installation run inappropriate systemd restart. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111503
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111503
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)
redhat via4
advisories
  • bugzilla
    id 1566525
    title Hosted Engine VM (deployed in the past) fails to reboot with 'libvirtError: internal error: failed to format device alias for PTY retrieval' due to an error in console device in libvirt XML generated by the engine [rhel-7.5.z]
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment libvirt is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396011
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment libvirt-admin is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396021
        • comment libvirt-admin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029062
      • AND
        • comment libvirt-client is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396005
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment libvirt-daemon is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396023
        • comment libvirt-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914016
      • AND
        • comment libvirt-daemon-config-network is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396025
        • comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914008
      • AND
        • comment libvirt-daemon-config-nwfilter is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396009
        • comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914022
      • AND
        • comment libvirt-daemon-driver-interface is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396061
        • comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914028
      • AND
        • comment libvirt-daemon-driver-lxc is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396043
        • comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914026
      • AND
        • comment libvirt-daemon-driver-network is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396031
        • comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914010
      • AND
        • comment libvirt-daemon-driver-nodedev is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396017
        • comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914020
      • AND
        • comment libvirt-daemon-driver-nwfilter is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396051
        • comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914038
      • AND
        • comment libvirt-daemon-driver-qemu is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396057
        • comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914040
      • AND
        • comment libvirt-daemon-driver-secret is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396053
        • comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914012
      • AND
        • comment libvirt-daemon-driver-storage is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396015
        • comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914018
      • AND
        • comment libvirt-daemon-driver-storage-core is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396047
        • comment libvirt-daemon-driver-storage-core is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029050
      • AND
        • comment libvirt-daemon-driver-storage-disk is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396027
        • comment libvirt-daemon-driver-storage-disk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029056
      • AND
        • comment libvirt-daemon-driver-storage-gluster is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396049
        • comment libvirt-daemon-driver-storage-gluster is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029008
      • AND
        • comment libvirt-daemon-driver-storage-iscsi is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396035
        • comment libvirt-daemon-driver-storage-iscsi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029026
      • AND
        • comment libvirt-daemon-driver-storage-logical is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396039
        • comment libvirt-daemon-driver-storage-logical is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029036
      • AND
        • comment libvirt-daemon-driver-storage-mpath is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396019
        • comment libvirt-daemon-driver-storage-mpath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029058
      • AND
        • comment libvirt-daemon-driver-storage-rbd is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396033
        • comment libvirt-daemon-driver-storage-rbd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029046
      • AND
        • comment libvirt-daemon-driver-storage-scsi is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396045
        • comment libvirt-daemon-driver-storage-scsi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029042
      • AND
        • comment libvirt-daemon-kvm is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396041
        • comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914044
      • AND
        • comment libvirt-daemon-lxc is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396063
        • comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914030
      • AND
        • comment libvirt-devel is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396055
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581010
      • AND
        • comment libvirt-docs is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396013
        • comment libvirt-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914032
      • AND
        • comment libvirt-libs is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396059
        • comment libvirt-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180029054
      • AND
        • comment libvirt-lock-sanlock is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396029
        • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581014
      • AND
        • comment libvirt-login-shell is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396007
        • comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914014
      • AND
        • comment libvirt-nss is earlier than 0:3.9.0-14.el7_5.4
          oval oval:com.redhat.rhsa:tst:20181396037
        • comment libvirt-nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162577024
    rhsa
    id RHSA-2018:1396
    released 2018-05-14
    severity Low
    title RHSA-2018:1396: libvirt security and bug fix update (Low)
  • bugzilla
    id 1550672
    title CVE-2018-1064 libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libvirt is earlier than 0:0.10.2-64.el6
          oval oval:com.redhat.rhsa:tst:20181929005
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581006
      • AND
        • comment libvirt-client is earlier than 0:0.10.2-64.el6
          oval oval:com.redhat.rhsa:tst:20181929011
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581008
      • AND
        • comment libvirt-devel is earlier than 0:0.10.2-64.el6
          oval oval:com.redhat.rhsa:tst:20181929007
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581010
      • AND
        • comment libvirt-lock-sanlock is earlier than 0:0.10.2-64.el6
          oval oval:com.redhat.rhsa:tst:20181929013
        • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581014
      • AND
        • comment libvirt-python is earlier than 0:0.10.2-64.el6
          oval oval:com.redhat.rhsa:tst:20181929009
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131581012
    rhsa
    id RHSA-2018:1929
    released 2018-06-19
    severity Low
    title RHSA-2018:1929: libvirt security update (Low)
rpms
  • libvirt-0:3.9.0-14.el7_5.4
  • libvirt-admin-0:3.9.0-14.el7_5.4
  • libvirt-client-0:3.9.0-14.el7_5.4
  • libvirt-daemon-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-interface-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-lxc-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nodedev-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-qemu-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-secret-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-core-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-disk-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-gluster-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-iscsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-logical-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-mpath-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-rbd-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-scsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-kvm-0:3.9.0-14.el7_5.4
  • libvirt-daemon-lxc-0:3.9.0-14.el7_5.4
  • libvirt-devel-0:3.9.0-14.el7_5.4
  • libvirt-docs-0:3.9.0-14.el7_5.4
  • libvirt-libs-0:3.9.0-14.el7_5.4
  • libvirt-lock-sanlock-0:3.9.0-14.el7_5.4
  • libvirt-login-shell-0:3.9.0-14.el7_5.4
  • libvirt-nss-0:3.9.0-14.el7_5.4
  • libvirt-0:0.10.2-64.el6
  • libvirt-client-0:0.10.2-64.el6
  • libvirt-devel-0:0.10.2-64.el6
  • libvirt-lock-sanlock-0:0.10.2-64.el6
  • libvirt-python-0:0.10.2-64.el6
refmap via4
bid 102825
debian DSA-4137
mlist
  • [debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update
  • [libvir-list] 20180116 [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)
Last major update 25-01-2018 - 11:29
Published 25-01-2018 - 11:29
Last modified 05-03-2019 - 15:05
Back to Top