rpm package
suse/libvirt&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1064 | — | | | < 2.0.0-27.34.1 | 2.0.0-27.34.1 | Mar 28, 2018 | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. |
| CVE-2018-6764 | — | | | < 2.0.0-27.34.1 | 2.0.0-27.34.1 | Feb 23, 2018 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. |
| CVE-2018-5748 | — | | | < 2.0.0-27.29.1 | 2.0.0-27.29.1 | Jan 25, 2018 | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. |
| CVE-2017-5715 | — | | | < 2.0.0-27.34.1 | 2.0.0-27.34.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |