Detections
Analytics

openSUSE Security Update : libvirt (openSUSE-2018-115)

high Nessus Plugin ID 106546

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libvirt provides several fixes.

This security issue was fixed :

 - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500).

These security issues were fixed :

 - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177)

 - schema: Make disk driver name attribute optional.
 (bsc#1073973)

 - virt-create-rootfs: Handle all SLE 12 versions.
 (bsc#1072887)

 - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130)

 - s390: Fix missing host cpu model info. (bsc#1065766)

 - cpu: Add new EPYC CPU model. (bsc#1052825, fate#324038)

 - pci: Fix the detection of the link's maximum speed.
 (bsc#1064947)

 - nodedev: Increase the netlink socket buffer size.
 (bsc#1035442)

 - storage: Fix a race between the volume creation and the pool refresh. (bsc#1062571)

 - daemon: Drop the minsize directive from hypervisor logrotate files. (bsc#1062760)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Solution

Update the affected libvirt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1035442

https://bugzilla.opensuse.org/show_bug.cgi?id=1052825

https://bugzilla.opensuse.org/show_bug.cgi?id=1062571

https://bugzilla.opensuse.org/show_bug.cgi?id=1062760

https://bugzilla.opensuse.org/show_bug.cgi?id=1064947

https://bugzilla.opensuse.org/show_bug.cgi?id=1065766

https://bugzilla.opensuse.org/show_bug.cgi?id=1070130

https://bugzilla.opensuse.org/show_bug.cgi?id=1072887

https://bugzilla.opensuse.org/show_bug.cgi?id=1073973

https://bugzilla.opensuse.org/show_bug.cgi?id=1076500

https://features.opensuse.org/

Plugin Details

Severity: High

ID: 106546

File Name: openSUSE-2018-115.nasl

Version: 3.6

Type: local

Agent: unix

Published: 2/1/2018

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libvirt-daemon, p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-uml, p-cpe:/a:novell:opensuse:libvirt-admin, p-cpe:/a:novell:opensuse:libvirt-client-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret, p-cpe:/a:novell:opensuse:libvirt-nss, p-cpe:/a:novell:opensuse:libvirt, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-hooks, p-cpe:/a:novell:opensuse:libvirt-daemon-config-network, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk, p-cpe:/a:novell:opensuse:libvirt-debugsource, p-cpe:/a:novell:opensuse:libvirt-devel-32bit, p-cpe:/a:novell:opensuse:libvirt-libs, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical, p-cpe:/a:novell:opensuse:libvirt-daemon-qemu, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage, p-cpe:/a:novell:opensuse:libvirt-devel, p-cpe:/a:novell:opensuse:libvirt-daemon-vbox, p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter, p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:libvirt-client, p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox, p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter, p-cpe:/a:novell:opensuse:libvirt-daemon-lxc, p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo, p-cpe:/a:novell:opensuse:libvirt-lock-sanlock, p-cpe:/a:novell:opensuse:libvirt-daemon-xen, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml, p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/31/2018

Reference Information

CVE: CVE-2018-5748