ID CVE-2018-1064
Summary libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor; the flaw can now also be triggered via the QEMU guest agent.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • cpe:2.3:a:redhat:libvirt:4.1.0
    cpe:2.3:a:redhat:libvirt:4.1.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-400
CAPEC
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and REST, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate: (1) Target CPU through recursion: the attacker creates a recursive payload and sends it to the service provider. (2) Target memory through jumbo payloads: the service provider uses DOM to parse XML. DOM creates an in-memory representation of the XML document, but when the document is very large (for example, north of 1 Gb) the service provider host may exhaust memory trying to build memory objects. (3) XML Ping of death: attack the service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0039_LIBVIRT.NASL
    description An update of the libvirt package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121937
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121937
    title Photon OS 2.0: Libvirt PHSA-2018-2.0-0039
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1295-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes : - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109861
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109861
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1295-1) (Spectre)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0129.NASL
    description An update of 'libvirt', 'librelp' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111931
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111931
    title Photon OS 1.0: Librelp / Libvirt PHSA-2018-1.0-0129 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3680-1.NASL
    description Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110515
    published 2018-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110515
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libvirt vulnerability and update (USN-3680-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-358.NASL
    description This update for libvirt and virt-manager fixes the following issues : Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt : - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager : - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-04-25
    plugin id 109020
    published 2018-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109020
    title openSUSE Security Update : libvirt (openSUSE-2018-358) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180515_LIBVIRT_ON_SL7_X.NASL
    description Security Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : - Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. - In Scientific Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, the affected guests now start as expected. - The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. - Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 109853
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109853
    title Scientific Linux Security Update : libvirt on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0838-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). - CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500). Non-security issues fixed : - bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4. - bsc#1055365: Improve performance when listing hundreds of interfaces. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108745
    published 2018-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108745
    title SUSE SLES11 Security Update : libvirt (SUSE-SU-2018:0838-1) (Spectre)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1253.NASL
    description According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117562
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117562
    title EulerOS Virtualization 2.5.1 : libvirt (EulerOS-SA-2018-1253)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1197.NASL
    description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110861
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110861
    title EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1315.NASL
    description Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources. For Debian 7 'Wheezy', these problems have been fixed in version 0.9.12.3-1+deb7u3. We recommend that you upgrade your libvirt packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 108605
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108605
    title Debian DLA-1315-1 : libvirt security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0920-1.NASL
    description This update for libvirt and virt-manager fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt : - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager : - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109012
    published 2018-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109012
    title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0920-1) (Spectre)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0129_LIBVIRT.NASL
    description An update of the libvirt package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121833
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121833
    title Photon OS 1.0: Libvirt PHSA-2018-1.0-0129
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1929.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110606
    published 2018-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110606
    title RHEL 6 : libvirt (RHSA-2018:1929)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0039.NASL
    description An update of {'openjdk8', 'httpd', 'librelp', 'zsh', 'libvirt', 'libtiff'} packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111298
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111298
    title Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1049.NASL
    description An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 111336
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111336
    title Amazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1929.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110651
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110651
    title CentOS 6 : libvirt (CESA-2018:1929)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4137.NASL
    description Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library : - CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service. - CVE-2018-5748 Daniel Berrange and Peter Krempa discovered that the QEMU monitor was susceptible to denial of service by memory exhaustion. This was already fixed in Debian stretch and only affects Debian jessie. - CVE-2018-6764 Pedro Sampaio discovered that LXC containers detected the hostname insecurely. This only affects Debian stretch.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108346
    published 2018-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108346
    title Debian DSA-4137-1 : libvirt - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1396.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109833
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109833
    title RHEL 7 : libvirt (RHSA-2018:1396)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1396.NASL
    description From Red Hat Security Advisory 2018:1396 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-05-16
    plugin id 109808
    published 2018-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109808
    title Oracle Linux 7 : libvirt (ELSA-2018-1396)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1396.NASL
    description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110247
    published 2018-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110247
    title CentOS 7 : libvirt (CESA-2018:1396)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1929.NASL
    description From Red Hat Security Advisory 2018:1929 : An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 110706
    published 2018-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110706
    title Oracle Linux 6 : libvirt (ELSA-2018-1929)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180619_LIBVIRT_ON_SL6_X.NASL
    description Security Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110888
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110888
    title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0861-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed : - Error starting domain: internal error: No usable sysfs TPM cancel file could be found (bsc#1078808). - SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot (bsc#1082041). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108827
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108827
    title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0861-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2082-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111434
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111434
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2082-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2141-1.NASL
    description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). Bug fixes : - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services. - bsc#956298: virsh domxml-to-native causes segfault of libvirtd. - bsc#964465: libvirtd.service causes systemd warning about xencommons service. - bsc#954872: Script block-dmmd not working as expected. - bsc#854343: libvirt installation run inappropriate systemd restart. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111503
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111503
    title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)
redhat via4
advisories
  • rhsa
    id RHSA-2018:1396
  • rhsa
    id RHSA-2018:1929
rpms
  • libvirt-0:3.9.0-14.el7_5.4
  • libvirt-admin-0:3.9.0-14.el7_5.4
  • libvirt-client-0:3.9.0-14.el7_5.4
  • libvirt-daemon-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-interface-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-lxc-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nodedev-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-qemu-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-secret-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-core-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-disk-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-gluster-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-iscsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-logical-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-mpath-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-rbd-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-scsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-kvm-0:3.9.0-14.el7_5.4
  • libvirt-daemon-lxc-0:3.9.0-14.el7_5.4
  • libvirt-devel-0:3.9.0-14.el7_5.4
  • libvirt-docs-0:3.9.0-14.el7_5.4
  • libvirt-libs-0:3.9.0-14.el7_5.4
  • libvirt-lock-sanlock-0:3.9.0-14.el7_5.4
  • libvirt-login-shell-0:3.9.0-14.el7_5.4
  • libvirt-nss-0:3.9.0-14.el7_5.4
  • libvirt-0:0.10.2-64.el6
  • libvirt-client-0:0.10.2-64.el6
  • libvirt-devel-0:0.10.2-64.el6
  • libvirt-lock-sanlock-0:0.10.2-64.el6
  • libvirt-python-0:0.10.2-64.el6
refmap via4
confirm
debian DSA-4137
mlist [debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update
ubuntu USN-3680-1
Last major update 28-03-2018 - 14:29
Published 28-03-2018 - 14:29
Last modified 19-06-2018 - 21:29