Bug 1127458 (CVE-2019-3840)

Summary: VUL-0: CVE-2019-3840: libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jfehlig, maint-coord, meissner, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/225445/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-03-01 07:12:52 UTC 
rh#1665228

A flaw was found in libvirtd. A null pointer in virJSONValueObjectHasKey function in util/virjson.c triggers a crash, resulting in remote denial of service via guest agent.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1663051

Upstream patch:

https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665228
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3840
Comment 1 James Fehlig 2019-03-01 17:31:04 UTC 
Bug was introduced in libvirt 1.2.14 and fixed in libvirt 5.0.0, so it affects SLE12 >= SP1 and SLE15GA.
Comment 2 James Fehlig 2019-03-01 18:49:03 UTC 
I've added the fix to the libvirt package in SLE-12-SP{1,2,3,4} and SLE-15 devel projects. Maintenance: do you want submissions for all those? Perhaps skip SLE12 SP1?
Comment 3 Marcus Meissner 2019-03-01 19:08:40 UTC 
Please submit for all. if 12-SP1 is too hard to backport you can skip it.
Comment 4 James Fehlig 2019-03-01 21:19:36 UTC 
All the submissions are done. Thanks!
Comment 11 Swamp Workflow Management 2019-04-04 22:24:58 UTC 
SUSE-SU-2019:0553-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1104662,1120813,1127458
CVE References: CVE-2019-3840
Sources used:
SUSE OpenStack Cloud 7 (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libvirt-2.0.0-27.48.1
SUSE Enterprise Storage 4 (src):    libvirt-2.0.0-27.48.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-04-15 13:13:58 UTC 
SUSE-SU-2019:0948-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1081516,1102604,1112182,1120813,1125665,1126325,1127458,1131595
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Server 12-SP4 (src):    libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libvirt-4.0.0-8.9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-04-29 01:12:15 UTC 
openSUSE-SU-2019:1288-1: An update that solves one vulnerability and has 15 fixes is now available.

Category: security (important)
Bug References: 1081516,1102604,1104662,1106420,1108086,1108395,1112182,1117058,1118952,1120813,1123642,1124667,1125665,1126325,1127458,1130129
CVE References: CVE-2019-3840
Sources used:
openSUSE Leap 15.0 (src):    libvirt-4.0.0-lp150.7.10.4
Comment 16 Swamp Workflow Management 2019-04-29 13:12:40 UTC 
openSUSE-SU-2019:1294-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1120813,1126325,1127458,1131595,1131955
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
openSUSE Leap 42.3 (src):    libvirt-3.3.0-24.1
Comment 17 Marcus Meissner 2019-04-29 14:48:54 UTC 
all released
Comment 18 Swamp Workflow Management 2019-05-21 06:14:58 UTC 
SUSE-SU-2019:1042-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1120813,1126325,1127458,1131595,1131955
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libvirt-3.3.0-5.30.1
SUSE Linux Enterprise Server 12-SP3 (src):    libvirt-3.3.0-5.30.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libvirt-3.3.0-5.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.