Bug 1127458 - (CVE-2019-3840) VUL-0: CVE-2019-3840: libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function
(CVE-2019-3840)
VUL-0: CVE-2019-3840: libvirt: NULL pointer dereference after running qemuAge...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/225445/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-01 07:12 UTC by Marcus Meissner
Modified: 2019-05-21 06:14 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-03-01 07:12:52 UTC
rh#1665228

A flaw was found in libvirtd. A null pointer in virJSONValueObjectHasKey function in util/virjson.c triggers a crash, resulting in remote denial of service via guest agent.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1663051

Upstream patch:

https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665228
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3840
Comment 1 James Fehlig 2019-03-01 17:31:04 UTC
Bug was introduced in libvirt 1.2.14 and fixed in libvirt 5.0.0, so it affects SLE12 >= SP1 and SLE15GA.
Comment 2 James Fehlig 2019-03-01 18:49:03 UTC
I've added the fix to the libvirt package in SLE-12-SP{1,2,3,4} and SLE-15 devel projects. Maintenance: do you want submissions for all those? Perhaps skip SLE12 SP1?
Comment 3 Marcus Meissner 2019-03-01 19:08:40 UTC
Please submit for all. if 12-SP1 is too hard to backport you can skip it.
Comment 4 James Fehlig 2019-03-01 21:19:36 UTC
All the submissions are done. Thanks!
Comment 11 Swamp Workflow Management 2019-04-04 22:24:58 UTC
SUSE-SU-2019:0553-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1104662,1120813,1127458
CVE References: CVE-2019-3840
Sources used:
SUSE OpenStack Cloud 7 (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libvirt-2.0.0-27.48.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libvirt-2.0.0-27.48.1
SUSE Enterprise Storage 4 (src):    libvirt-2.0.0-27.48.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-04-15 13:13:58 UTC
SUSE-SU-2019:0948-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1081516,1102604,1112182,1120813,1125665,1126325,1127458,1131595
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Server 12-SP4 (src):    libvirt-4.0.0-8.9.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libvirt-4.0.0-8.9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-04-29 01:12:15 UTC
openSUSE-SU-2019:1288-1: An update that solves one vulnerability and has 15 fixes is now available.

Category: security (important)
Bug References: 1081516,1102604,1104662,1106420,1108086,1108395,1112182,1117058,1118952,1120813,1123642,1124667,1125665,1126325,1127458,1130129
CVE References: CVE-2019-3840
Sources used:
openSUSE Leap 15.0 (src):    libvirt-4.0.0-lp150.7.10.4
Comment 16 Swamp Workflow Management 2019-04-29 13:12:40 UTC
openSUSE-SU-2019:1294-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1120813,1126325,1127458,1131595,1131955
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
openSUSE Leap 42.3 (src):    libvirt-3.3.0-24.1
Comment 17 Marcus Meissner 2019-04-29 14:48:54 UTC
all released
Comment 18 Swamp Workflow Management 2019-05-21 06:14:58 UTC
SUSE-SU-2019:1042-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1120813,1126325,1127458,1131595,1131955
CVE References: CVE-2019-3840,CVE-2019-3886
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libvirt-3.3.0-5.30.1
SUSE Linux Enterprise Server 12-SP3 (src):    libvirt-3.3.0-5.30.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libvirt-3.3.0-5.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.