SB2018041301 - OpenSUSE Linux update for libvirt 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018041301

SB2018041301 - OpenSUSE Linux update for libvirt

Published: April 13, 2018

Security Bulletin ID SB2018041301
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.


2) Resource exhaustion (CVE-ID: CVE-2018-1064)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the qemu_agent.c source code file due to an incomplete fix for CVE-2018-5748 that affects the QEMU monitor. A local attacker can consume excessive amounts of memory resources and cause the service to crash.


3) Security restrictions bypass (CVE-ID: CVE-2018-6764)

The vulnerability allows an adjacent attacker to bypass security restrictions on the target system.

The weakness exists in the util/virlog.c source code file due to improper determination of hostnames during LXC container startup. An adjacent attacker can bypass security restrictions and execute arbitrary commands.

Remediation

Install update from vendor's website.

References