RHEL 7 : libvirt (RHSA-2018:1396)

high Nessus Plugin ID 109833

Synopsis

The remote Red Hat host is missing one or more security updates for libvirt.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1396 advisory.

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748)

* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1064 issue was discovered by Daniel P. Berrang (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat).

Bug Fix(es):

* Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ#1557922)

* In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996)

* The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524)

* Previously, user aliases for PTY devices that were longer than 32 characters were not supported.
Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters.
(BZ#1566525)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL libvirt package based on the guidance in RHSA-2018:1396.

See Also

http://www.nessus.org/u?32af88db

https://access.redhat.com/errata/RHSA-2018:1396

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=1528396

https://bugzilla.redhat.com/show_bug.cgi?id=1550672

https://bugzilla.redhat.com/show_bug.cgi?id=1557922

https://bugzilla.redhat.com/show_bug.cgi?id=1564996

https://bugzilla.redhat.com/show_bug.cgi?id=1566524

https://bugzilla.redhat.com/show_bug.cgi?id=1566525

Plugin Details

Severity: High

ID: 109833

File Name: redhat-RHSA-2018-1396.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/16/2018

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-5748

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon, p-cpe:/a:redhat:enterprise_linux:libvirt-client, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:redhat:enterprise_linux:libvirt-nss, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network, p-cpe:/a:redhat:enterprise_linux:libvirt, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-libs, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:redhat:enterprise_linux:libvirt-devel, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface, p-cpe:/a:redhat:enterprise_linux:libvirt-docs, p-cpe:/a:redhat:enterprise_linux:libvirt-admin, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2018

Vulnerability Publication Date: 1/25/2018

Reference Information

CVE: CVE-2018-1064, CVE-2018-5748

CWE: 400

RHSA: 2018:1396