Executive Summary
Summary | |
---|---|
Title | libvirt security, bug fix, and enhancement update |
Information | |||
---|---|---|---|
Name | RHSA-2019:2294 | First vendor Publication | 2019-08-06 |
Vendor | RedHat | Last vendor Modification | 2019-08-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
Problem Description:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

* Red Hat Enterprise Linux Client (v. 7) - x86_64
* Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
* Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
* Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
* Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
* Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
* Red Hat Enterprise Linux Workstation (v. 7) - x86_64
* Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

* 1501450 - Race starting multiple libvirtd user sessions at the same time
* 1558558 - Enhance detection of host CPU model to avoid guesses based on feature list length
* 1584663 - [RFE] Add functionality to virsh to mount nfs shares using commands like mountvers, nosuid, nodev.
* 1592737 - Cannot use a xml file with XML declaration as a input of cpu-compare
* 1594266 - virt-xml-validate validate fails for volume having backing file
* 1609454 - nwfilter-binding-create succeed on interface which does not exist
* 1609720 - Starting VM without source configured for pci-serial device caused libvirtd crash
* 1612943 - Wrong RESUME event after I/O error
* 1613737 - Allow the inputvol to be encrypted when creating a volume from another volume
* 1615680 - Improve --adapter-parent-wwnn,--adapter-parent-wwpn and --adapter-parent-fabric-wwn info for pool-define-as in man page
* 1628469 - libvirt uses incorrect method to detect that KVM is working
* 1628892 - Permission denied when start guest with egl-headless display
* 1631606 - Create luks vol failed when give the user access control for storage-vol API
* 1631622 - guest with an interface referred to nwfilter killed by libvirt when restart libvirtd with access driver enabled
* 1632711 - [RHEL] VMs on gluster storage domain can't be migrated
* 1632833 - scsi host device passthrough limits IO writes
* 1633077 - domxml-to-native should treat --xml as the default option
* 1633389 - libvirt creating qemu channels with the wrong permissions
* 1640465 - [RHHI] Hosted Engine migration fails in gluster storage domain
* 1641702 - check tsc scaling feature of destination host on migration
* 1647365 - VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY is never used in postcopy migration
* 1652894 - when create vhba without indicating wwpn/wwnn, libvirt will generate duplicated ones
* 1656360 - when
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2294.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-476 | NULL Pointer Dereference |
CPE : Common Platform Enumeration
Alert History
Date | Information |
---|---|
2020-03-19 13:18:51 |
|