Bug 1076500 (CVE-2018-5748)

Summary: VUL-1: CVE-2018-5748: libvirt: resource exhaustion via qemuMonitorIORead() method
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: jfehlig, jsegitz, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/198578/
Whiteboard: CVSSv3:SUSE:CVE-2018-5748:2.8:(AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L) ibs:running:7253:moderate
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-01-18 08:10:31 UTC
rh#1528396

A flaw was found in Qemu. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to denial of service by exhaustion of memory resources.

References:

https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1528396
Comment 1 Marcus Meissner 2018-01-18 08:22:51 UTC
seems in all code streams
Comment 2 James Fehlig 2018-01-19 19:32:24 UTC
The fix was included in libvirt 4.0.0, which has been submitted to Factory/SLE15 via SR#567782.
Comment 3 Swamp Workflow Management 2018-01-19 20:10:14 UTC
This is an autogenerated message for OBS integration:
This bug (1076500) was mentioned in
https://build.opensuse.org/request/show/567784 Factory / libvirt
Comment 4 James Fehlig 2018-01-19 21:07:31 UTC
I've now added the fix to the SLE11 SP4 and SLE12 SP2/3 libvirt packages. For SLE11 SP4, fix is queued for a future maintenance round. For SLE12 SP2/3, I've resubmitted on top of the recent requests to start maintenance incidents. 

I'm done with this bug. Reassigning to the security team...
Comment 7 Swamp Workflow Management 2018-01-30 11:14:32 UTC
SUSE-SU-2018:0279-1: An update that solves one vulnerability and has 9 fixes is now available.

Category: security (moderate)
Bug References: 1035442,1052825,1062571,1062760,1064947,1065766,1070130,1072887,1073973,1076500
CVE References: CVE-2018-5748
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libvirt-3.3.0-5.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    libvirt-3.3.0-5.13.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libvirt-3.3.0-5.13.1
Comment 8 Swamp Workflow Management 2018-01-31 23:13:20 UTC
openSUSE-SU-2018:0322-1: An update that solves one vulnerability and has 9 fixes is now available.

Category: security (moderate)
Bug References: 1035442,1052825,1062571,1062760,1064947,1065766,1070130,1072887,1073973,1076500
CVE References: CVE-2018-5748
Sources used:
openSUSE Leap 42.3 (src):    libvirt-3.3.0-12.1
Comment 9 Swamp Workflow Management 2018-02-07 17:24:32 UTC
SUSE-SU-2018:0385-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 1070130,1072887,1073973,1076500
CVE References: CVE-2018-5748
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libvirt-2.0.0-27.29.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libvirt-2.0.0-27.29.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libvirt-2.0.0-27.29.1
SUSE Linux Enterprise Server 12-SP2 (src):    libvirt-2.0.0-27.29.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libvirt-2.0.0-27.29.1
Comment 10 Marcus Meissner 2018-02-08 06:16:21 UTC
released
Comment 12 Swamp Workflow Management 2018-03-29 10:12:17 UTC
SUSE-SU-2018:0838-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055365,1076500,1079869,1083061,1083625
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libvirt-1.2.5-23.6.1
Comment 16 Swamp Workflow Management 2018-05-15 16:12:53 UTC
SUSE-SU-2018:1295-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1025340,1076500,1079869,1083625,1087887,1088147,936233,960742
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    libvirt-1.0.5.9-21.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libvirt-1.0.5.9-21.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libvirt-1.0.5.9-21.5.1
Comment 18 Swamp Workflow Management 2018-07-30 22:07:48 UTC
SUSE-SU-2018:2141-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076500,1079869,1083625,1092885,854343,897352,954872,956298,964465,968483,980558,987527
CVE References: CVE-2016-5008,CVE-2017-5715,CVE-2018-1064,CVE-2018-3639,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    libvirt-1.2.5-27.13.1
Comment 19 Marcus Meissner 2018-09-07 13:04:32 UTC
released