Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Gentoo: GLSA-201804-07 Normal Severity: Libvirt Command Execution Risks

gentoo
Calendar Grey April 8, 2018
Dist Gentoo Esm H88
GLSA 201804-07 outlines serious vulnerabilities in the libvirt API on Gentoo Linux, exposing systems to arbitrary command execution risks, necessitating urgent updates.
Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands.

Summary

Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory Gentoo command execution normal severity libvirt

Resolution

All libvirt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-4.1.0"

References

[ 1 ] CVE-2018-5748 https://nvd.nist.gov/vuln/detail/CVE-2018-5748 [ 2 ] CVE-2018-6764 https://nvd.nist.gov/vuln/detail/CVE-2018-6764

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201804-07
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: libvirt: Multiple vulnerabilities
Date: April 08, 2018
Bugs: #647338, #650018
ID: 201804-07

Topics%20covered

Topics Covered

security advisory Gentoo command execution normal severity libvirt

Synopsis

Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands.

Background

libvirt is a C toolkit for manipulating virtual machines.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/libvirt < 4.1.0 >= 4.1.0

Impact

===== A local privileged attacker could execute arbitrary commands or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Your message here