Synopsis:          Low: libvirt security and bug fix update
Advisory ID:       SLSA-2018:1396-1
Issue Date:        2018-05-15
CVE Numbers:       CVE-2018-5748
                   CVE-2018-1064
--

Security Fix(es):

* libvirt: Resource exhaustion via qemuMonitorIORead() method
(CVE-2018-5748)

* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent
(CVE-2018-1064)

The CVE-2018-1064 issue was discovered by Daniel P. Berrang (Red Hat) and
the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and
Peter Krempa (Red Hat).

Bug Fix(es):

* Previously, the check for a non-unique device boot order did not
properly handle updates of existing devices when a new device was attached
to a guest. Consequently, updating any device with a specified boot order
failed. With this update, the duplicity check detects correctly handles
updates and ignores the original device, which avoids reporting false
conflicts. As a result, updating a device with a boot order succeeds.

* In Scientific Linux 7.5, guests with SCSI passthrough enabled failed to
boot because of changes in kernel CGroup detection. With this update,
libvirt fetches dependencies and adds them to the device CGroup. As a
result, and the affected guests now start as expected.

* The VMX parser in libvirt did not parse more than four network
interfaces. As a consequence, the esx driver did not expose more than four
network interface cards (NICs) for guests running ESXi. With this update,
the VMX parser parses all the available NICs in .vmx files. As a result,
libvirt reports all the NICs of guests running ESXi.

* Previously, user aliases for PTY devices that were longer than 32
characters were not supported. Consequently, if a domain included a PTY
device with a user alias longer than 32 characters, the domain would not
start. With this update, a static buffer was replaced with a dynamic
buffer. As a result, the domain starts even if the length of the user
alias for a PTY device is longer than 32 characters.
--

SL7
  x86_64
    libvirt-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-client-3.9.0-14.el7_5.4.i686.rpm
    libvirt-client-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-config-network-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-interface-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-lxc-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-network-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-qemu-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-secret-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-kvm-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-debuginfo-3.9.0-14.el7_5.4.i686.rpm
    libvirt-debuginfo-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-libs-3.9.0-14.el7_5.4.i686.rpm
    libvirt-libs-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-admin-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-daemon-lxc-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-devel-3.9.0-14.el7_5.4.i686.rpm
    libvirt-devel-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-docs-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-lock-sanlock-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-login-shell-3.9.0-14.el7_5.4.x86_64.rpm
    libvirt-nss-3.9.0-14.el7_5.4.i686.rpm
    libvirt-nss-3.9.0-14.el7_5.4.x86_64.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2018-1396-1 Low: libvirt on SL7.x x86_64

libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) The CVE-2018-1...

Summary

Low: libvirt security and bug fix update



Security Fixes

* libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748)
* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)
The CVE-2018-1064 issue was discovered by Daniel P. Berrang (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat).

Severity
Advisory ID: SLSA-2018:1396-1
Issued Date: : 2018-05-15
CVE Numbers: CVE-2018-5748
CVE-2018-1064