RHEL 7 : libvirt (RHSA-2018:3113)

Severity: High. Nessus Plugin ID: 118530

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3113 advisory.

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a later upstream version: libvirt (4.5.0). (BZ#1563169)

Security Fix(es):

* libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1623157

https://bugzilla.redhat.com/show_bug.cgi?id=1624735

https://bugzilla.redhat.com/show_bug.cgi?id=916061

http://www.nessus.org/u?2b0cc1e7

http://www.nessus.org/u?d2a7d8b5

https://access.redhat.com/errata/RHSA-2018:3113

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1149445

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

https://bugzilla.redhat.com/show_bug.cgi?id=1300772

https://bugzilla.redhat.com/show_bug.cgi?id=1367238

https://bugzilla.redhat.com/show_bug.cgi?id=1425058

https://bugzilla.redhat.com/show_bug.cgi?id=1425757

https://bugzilla.redhat.com/show_bug.cgi?id=1447169

https://bugzilla.redhat.com/show_bug.cgi?id=1448149

https://bugzilla.redhat.com/show_bug.cgi?id=1454709

https://bugzilla.redhat.com/show_bug.cgi?id=1456165

https://bugzilla.redhat.com/show_bug.cgi?id=1468422

https://bugzilla.redhat.com/show_bug.cgi?id=1469338

https://bugzilla.redhat.com/show_bug.cgi?id=1470007

https://bugzilla.redhat.com/show_bug.cgi?id=1480668

https://bugzilla.redhat.com/show_bug.cgi?id=1483816

https://bugzilla.redhat.com/show_bug.cgi?id=1490158

https://bugzilla.redhat.com/show_bug.cgi?id=1492597

https://bugzilla.redhat.com/show_bug.cgi?id=1494454

https://bugzilla.redhat.com/show_bug.cgi?id=1507737

https://bugzilla.redhat.com/show_bug.cgi?id=1509870

https://bugzilla.redhat.com/show_bug.cgi?id=1515533

https://bugzilla.redhat.com/show_bug.cgi?id=1519146

https://bugzilla.redhat.com/show_bug.cgi?id=1520821

https://bugzilla.redhat.com/show_bug.cgi?id=1522706

https://bugzilla.redhat.com/show_bug.cgi?id=1523564

https://bugzilla.redhat.com/show_bug.cgi?id=1524399

https://bugzilla.redhat.com/show_bug.cgi?id=1525496

https://bugzilla.redhat.com/show_bug.cgi?id=1525599

https://bugzilla.redhat.com/show_bug.cgi?id=1526382

https://bugzilla.redhat.com/show_bug.cgi?id=1527740

https://bugzilla.redhat.com/show_bug.cgi?id=1529059

https://bugzilla.redhat.com/show_bug.cgi?id=1529256

https://bugzilla.redhat.com/show_bug.cgi?id=1530451

https://bugzilla.redhat.com/show_bug.cgi?id=1532542

https://bugzilla.redhat.com/show_bug.cgi?id=1534418

https://bugzilla.redhat.com/show_bug.cgi?id=1538570

https://bugzilla.redhat.com/show_bug.cgi?id=1541444

https://bugzilla.redhat.com/show_bug.cgi?id=1541921

https://bugzilla.redhat.com/show_bug.cgi?id=1543775

https://bugzilla.redhat.com/show_bug.cgi?id=1544325

https://bugzilla.redhat.com/show_bug.cgi?id=1544659

https://bugzilla.redhat.com/show_bug.cgi?id=1544869

https://bugzilla.redhat.com/show_bug.cgi?id=1546971

https://bugzilla.redhat.com/show_bug.cgi?id=1547250

https://bugzilla.redhat.com/show_bug.cgi?id=1549531

https://bugzilla.redhat.com/show_bug.cgi?id=1552092

https://bugzilla.redhat.com/show_bug.cgi?id=1552127

https://bugzilla.redhat.com/show_bug.cgi?id=1553075

https://bugzilla.redhat.com/show_bug.cgi?id=1554876

https://bugzilla.redhat.com/show_bug.cgi?id=1556828

https://bugzilla.redhat.com/show_bug.cgi?id=1557769

https://bugzilla.redhat.com/show_bug.cgi?id=1558317

https://bugzilla.redhat.com/show_bug.cgi?id=1559284

https://bugzilla.redhat.com/show_bug.cgi?id=1559835

https://bugzilla.redhat.com/show_bug.cgi?id=1560917

https://bugzilla.redhat.com/show_bug.cgi?id=1560946

https://bugzilla.redhat.com/show_bug.cgi?id=1560976

https://bugzilla.redhat.com/show_bug.cgi?id=1563169

https://bugzilla.redhat.com/show_bug.cgi?id=1566416

https://bugzilla.redhat.com/show_bug.cgi?id=1568148

https://bugzilla.redhat.com/show_bug.cgi?id=1568407

https://bugzilla.redhat.com/show_bug.cgi?id=1569678

https://bugzilla.redhat.com/show_bug.cgi?id=1569861

https://bugzilla.redhat.com/show_bug.cgi?id=1571759

https://bugzilla.redhat.com/show_bug.cgi?id=1572491

https://bugzilla.redhat.com/show_bug.cgi?id=1576464

https://bugzilla.redhat.com/show_bug.cgi?id=1576916

https://bugzilla.redhat.com/show_bug.cgi?id=1583484

https://bugzilla.redhat.com/show_bug.cgi?id=1583623

https://bugzilla.redhat.com/show_bug.cgi?id=1583927

https://bugzilla.redhat.com/show_bug.cgi?id=1584071

https://bugzilla.redhat.com/show_bug.cgi?id=1584073

https://bugzilla.redhat.com/show_bug.cgi?id=1584091

https://bugzilla.redhat.com/show_bug.cgi?id=1584571

https://bugzilla.redhat.com/show_bug.cgi?id=1586027

https://bugzilla.redhat.com/show_bug.cgi?id=1588295

https://bugzilla.redhat.com/show_bug.cgi?id=1588336

https://bugzilla.redhat.com/show_bug.cgi?id=1589115

https://bugzilla.redhat.com/show_bug.cgi?id=1589730

https://bugzilla.redhat.com/show_bug.cgi?id=1590214

https://bugzilla.redhat.com/show_bug.cgi?id=1591017

https://bugzilla.redhat.com/show_bug.cgi?id=1591235

https://bugzilla.redhat.com/show_bug.cgi?id=1591561

https://bugzilla.redhat.com/show_bug.cgi?id=1591628

https://bugzilla.redhat.com/show_bug.cgi?id=1593137

https://bugzilla.redhat.com/show_bug.cgi?id=1593549

https://bugzilla.redhat.com/show_bug.cgi?id=1595184

https://bugzilla.redhat.com/show_bug.cgi?id=1597550

https://bugzilla.redhat.com/show_bug.cgi?id=1597940

https://bugzilla.redhat.com/show_bug.cgi?id=1598015

https://bugzilla.redhat.com/show_bug.cgi?id=1598084

https://bugzilla.redhat.com/show_bug.cgi?id=1598087

https://bugzilla.redhat.com/show_bug.cgi?id=1598281

https://bugzilla.redhat.com/show_bug.cgi?id=1598311

https://bugzilla.redhat.com/show_bug.cgi?id=1598440

https://bugzilla.redhat.com/show_bug.cgi?id=1599545

https://bugzilla.redhat.com/show_bug.cgi?id=1599973

https://bugzilla.redhat.com/show_bug.cgi?id=1600122

https://bugzilla.redhat.com/show_bug.cgi?id=1600329

https://bugzilla.redhat.com/show_bug.cgi?id=1600330

https://bugzilla.redhat.com/show_bug.cgi?id=1600345

https://bugzilla.redhat.com/show_bug.cgi?id=1600427

https://bugzilla.redhat.com/show_bug.cgi?id=1600468

https://bugzilla.redhat.com/show_bug.cgi?id=1601318

https://bugzilla.redhat.com/show_bug.cgi?id=1601377

https://bugzilla.redhat.com/show_bug.cgi?id=1603025

https://bugzilla.redhat.com/show_bug.cgi?id=1603115

https://bugzilla.redhat.com/show_bug.cgi?id=1607825

https://bugzilla.redhat.com/show_bug.cgi?id=1607831

https://bugzilla.redhat.com/show_bug.cgi?id=1609087

https://bugzilla.redhat.com/show_bug.cgi?id=1611320

https://bugzilla.redhat.com/show_bug.cgi?id=1612009

https://bugzilla.redhat.com/show_bug.cgi?id=1613746

https://bugzilla.redhat.com/show_bug.cgi?id=1618622

https://bugzilla.redhat.com/show_bug.cgi?id=1621910

Plugin Details

Severity: High

ID: 118530

File Name: redhat-RHSA-2018-3113.nasl

Version: 1.8

Type: local

Agent: unix

Published: 10/31/2018

Updated: 11/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-6764

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon, p-cpe:/a:redhat:enterprise_linux:libvirt-client, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:redhat:enterprise_linux:libvirt-nss, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc, p-cpe:/a:redhat:enterprise_linux:libvirt-bash-completion, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network, p-cpe:/a:redhat:enterprise_linux:libvirt, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:redhat:enterprise_linux:libvirt-libs, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:redhat:enterprise_linux:libvirt-devel, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface, p-cpe:/a:redhat:enterprise_linux:libvirt-docs, p-cpe:/a:redhat:enterprise_linux:libvirt-admin, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm, p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/30/2018

Vulnerability Publication Date: 2/23/2018

Reference Information

CVE: CVE-2018-6764

CWE: 179

RHSA: 2018:3113