libvirt-0.10.2-64.0.1.AXS4

エラータID: AXSA:2018-3226:03

Release date: 
Thursday, June 28, 2018 - 15:56
Subject: 
libvirt-0.10.2-64.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Low
Description: 

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748)

* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Asianux) and Peter Krempa (Asianux), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Asianux).

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 4.10 Release Notes and Asianux Server 4.10 Technical Notes linked from the References section.

CVE-2018-1064
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

Solution: 

Update packages.

CVEs: 
CVE-2018-1064
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
Additional Info: 

N/A

Download: 

SRPMS
  1. libvirt-0.10.2-64.0.1.AXS4.src.rpm
    MD5: b00d6c3ae08ade3d6bd90d764a884d38
    SHA-256: 3bb3a825122c6b4583c5808719cd25531c43e423728b4a21d3b7823837c6146d
    Size: 22.43 MB

Asianux Server 4 for x86
  1. libvirt-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: 84b701c362a12efe1206437c30474861
    SHA-256: 9da989df08466e27f96e09885fe61cc896c28c107f28c58f44b1d8ece3430ef9
    Size: 2.15 MB
  2. libvirt-client-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: 33115a1ec9784e2aa285b68da9988c16
    SHA-256: a0d5192ad13e742d5205de380e33d2a9f9a06049619025396c83dd7a92c9456a
    Size: 4.06 MB
  3. libvirt-devel-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: d9352c6a079c65d4aca88b0c3bee82b5
    SHA-256: d501aa1cdbd898daad8669566ca5854e544a7a2054e30029bf9039907cc387ba
    Size: 440.68 kB
  4. libvirt-python-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: 75291be22089ab757cfcf3798dbbc230
    SHA-256: de575cc7bb1660d5194275a0abacd6f2580e7420faea94617c3958ebc3107c36
    Size: 505.25 kB

Asianux Server 4 for x86_64
  1. libvirt-0.10.2-64.0.1.AXS4.x86_64.rpm
    MD5: 8638b18b55845f8a76e7dea1cf1155a8
    SHA-256: 182c40539b93f99cc48c90427b457a0c51968ef77c555a5726e79dffc38cedc0
    Size: 2.43 MB
  2. libvirt-client-0.10.2-64.0.1.AXS4.x86_64.rpm
    MD5: 34e3c91688ba462adc7f9ca10fbff308
    SHA-256: 3f1c2203d0e024c443633dfabccbb82863d4d745b7c2222e529731f62511935e
    Size: 4.08 MB
  3. libvirt-devel-0.10.2-64.0.1.AXS4.x86_64.rpm
    MD5: 6250979826ba525a43841d6c39b0e2e5
    SHA-256: c9425ee623d59b1cb1afef3b8cab69a89bddeea2f45e524140ec282b6bfc3e92
    Size: 440.25 kB
  4. libvirt-python-0.10.2-64.0.1.AXS4.x86_64.rpm
    MD5: 0e87e25fb0bc645a475cf16a1b5e368b
    SHA-256: 70b9468b002c50a10fe13416166b25d9feb0679c90d47ce85cfc450a0362d08e
    Size: 504.83 kB
  5. libvirt-client-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: 33115a1ec9784e2aa285b68da9988c16
    SHA-256: a0d5192ad13e742d5205de380e33d2a9f9a06049619025396c83dd7a92c9456a
    Size: 4.06 MB
  6. libvirt-devel-0.10.2-64.0.1.AXS4.i686.rpm
    MD5: d9352c6a079c65d4aca88b0c3bee82b5
    SHA-256: d501aa1cdbd898daad8669566ca5854e544a7a2054e30029bf9039907cc387ba
    Size: 440.68 kB