Executive Summary
| Summary | |
|---|---|
| Title | libvirt security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-4137 | First vendor Publication | 2018-03-14 |
| Vendor | Debian | Last vendor Modification | 2018-03-14 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service. CVE-2018-5748 Daniel Berrange and Peter Krempa that the QEMU monitor was suspectible to denial of service by memory exhaustion. This was already fixed in Debian stretch and only affects Debian jessie. CVE-2018-6764 Pedro Sampaio discovered that LXC containes detected the hostname insecurely. This only affects Debian stretch. For the oldstable distribution (jessie), these problems have been fixed in version 1.2.9-9+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 3.0.0-4+deb9u3. We recommend that you upgrade your libvirt packages. For the detailed security status of libvirt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvirt |
Original Source
| Url : http://www.debian.org/security/2018/dsa-4137 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 67 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 33 % | CWE-346 | Origin Validation Error |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2019-01-10 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10917_184R1.nasl - Type : ACT_GATHER_INFO |
| 2018-12-20 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1134.nasl - Type : ACT_GATHER_INFO |
| 2018-12-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-3113.nasl - Type : ACT_GATHER_INFO |
| 2018-09-18 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1253.nasl - Type : ACT_GATHER_INFO |
| 2018-09-18 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1277.nasl - Type : ACT_GATHER_INFO |
| 2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-1_0-0129.nasl - Type : ACT_GATHER_INFO |
| 2018-07-26 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1049.nasl - Type : ACT_GATHER_INFO |
| 2018-07-24 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-2_0-0039.nasl - Type : ACT_GATHER_INFO |
| 2018-07-03 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1197.nasl - Type : ACT_GATHER_INFO |
| 2018-06-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-1929.nasl - Type : ACT_GATHER_INFO |
| 2018-05-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-1396.nasl - Type : ACT_GATHER_INFO |
| 2018-04-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201804-07.nasl - Type : ACT_GATHER_INFO |
| 2018-04-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201804-08.nasl - Type : ACT_GATHER_INFO |
| 2018-03-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-1315.nasl - Type : ACT_GATHER_INFO |
| 2018-03-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4137.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2018-03-30 09:20:49 |
|
| 2018-03-15 00:18:25 |
|
