rpm package
suse/virt-manager&distro=SUSE Linux Enterprise Desktop 12 SP3
pkg:rpm/suse/virt-manager&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1064 | Hig | 7.5 | < 1.4.1-5.8.1 | 1.4.1-5.8.1 | Mar 28, 2018 | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |
| CVE-2018-6764 | Hig | 7.8 | < 1.4.1-5.8.1 | 1.4.1-5.8.1 | Feb 23, 2018 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | |
| CVE-2017-5715 | Med | 5.6 | < 1.4.1-5.8.1 | 1.4.1-5.8.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
- affected < 1.4.1-5.8.1fixed 1.4.1-5.8.1
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
- affected < 1.4.1-5.8.1fixed 1.4.1-5.8.1
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
- affected < 1.4.1-5.8.1fixed 1.4.1-5.8.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.