Bug 1083625 - (CVE-2018-1064) VUL-0: CVE-2018-1064: libvirt: Denial of service reading from guest agent
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv3:SUSE:CVE-2018-1064:5.5:(AV:L/A...
Reported: 2018-03-02 06:59 UTC by Marcus Meissner
Modified: 2018-09-07 12:39 UTC (History)
Attachments
0001-qemu-avoid-denial-of-service-reading-from-QEMU-guest.patch (2.21 KB, patch)
2018-03-02 07:00 UTC, Marcus Meissner
Comment 1 Marcus Meissner 2018-03-02 07:00:52 UTC
Created attachment 762448
0001-qemu-avoid-denial-of-service-reading-from-QEMU-guest.patch

attached to email
Comment 2 Marcus Meissner 2018-03-02 07:01:05 UTC
No CRD yet.
Comment 4 Marcus Meissner 2018-03-05 14:20:08 UTC
CRD: 2018-03-08
Comment 10 James Fehlig 2018-03-15 00:00:07 UTC
Public now...
Comment 12 James Fehlig 2018-03-15 04:28:06 UTC
Fix has been submitted to SLE11 SP4, SLE12 SP2, SLE12 SP3, SLE15, and Factory/TW. I think I'm done. Passing to security...
Comment 13 Marcus Meissner 2018-03-15 06:26:20 UTC
https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513

 qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064)

We read from the agent until seeing a \r\n pair to indicate a completed
reply or event. To avoid memory denial-of-service though, we must have a
size limit on amount of data we buffer. 10 MB is large enough that it
ought to cope with normal agent replies, and small enough that we're not
consuming unreasonable mem.

This is identical to the flaw we had reading from the QEMU monitor
as CVE-2018-5748, so rather embarrassing that we forgot to fix
the agent code at the same time.
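
The bounded read that the commit message in comment 13 describes, as an added example: this is not libvirt's code and not part of the bug report. The names `agent_buf`, `agent_buf_feed`, `agent_buf_consume` and the return codes are hypothetical; only the `\r\n` terminator and the 10 MB figure come from the commit message.

```c
#include <stdlib.h>
#include <string.h>

#define AGENT_MAX_REPLY (10u * 1024u * 1024u)   /* 10 MB, as in the commit message */
enum { AGENT_NEED_MORE = 0, AGENT_HAVE_REPLY = 1, AGENT_TOO_BIG = -1, AGENT_OOM = -2 };
/* Hypothetical per-connection buffer: zero-initialise, then set limit. */
struct agent_buf {
    char  *data;
    size_t len;      /* bytes buffered */
    size_t cap;      /* bytes allocated */
    size_t scanned;  /* bytes already searched for "\r\n" */
    size_t limit;    /* most bytes held while waiting for "\r\n" */
};

/* Append one chunk read from the agent. On AGENT_HAVE_REPLY, *reply_len is the
 * length of the first complete reply, terminator included. */
int agent_buf_feed(struct agent_buf *b, const char *chunk, size_t n, size_t *reply_len)
{
    if (n > b->limit - b->len)      /* overflow-safe form of len + n > limit */
        return AGENT_TOO_BIG;       /* nothing is stored; caller closes the channel */
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 1024;
        while (ncap < b->len + n)
            ncap *= 2;
        if (ncap > b->limit) ncap = b->limit;   /* never allocate past the cap */
        char *p = realloc(b->data, ncap);
        if (!p) return AGENT_OOM;
        b->data = p; b->cap = ncap;
    }
    if (n) memcpy(b->data + b->len, chunk, n);
    b->len += n;
    /* Resume one byte early: "\r" and "\n" can arrive in separate chunks. */
    for (size_t i = b->scanned ? b->scanned - 1 : 0; i + 1 < b->len; i++) {
        if (b->data[i] == '\r' && b->data[i + 1] == '\n') {
            *reply_len = i + 2;
            return AGENT_HAVE_REPLY;
        }
    }
    b->scanned = b->len;
    return AGENT_NEED_MORE;
}

/* Discard a reply the caller has processed; bytes after it stay buffered. */
void agent_buf_consume(struct agent_buf *b, size_t reply_len)
{
    b->len -= reply_len;
    memmove(b->data, b->data + reply_len, b->len);
    b->scanned = 0;
}
```

After `agent_buf_consume`, calling `agent_buf_feed` with a zero-length chunk rescans the leftover bytes for a reply that arrived in the same read.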
Comment 16 Swamp Workflow Management 2018-03-29 10:12:43 UTC
SUSE-SU-2018:0838-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1055365,1076500,1079869,1083061,1083625
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libvirt-1.2.5-23.6.1
Comment 17 Swamp Workflow Management 2018-04-03 19:09:01 UTC
SUSE-SU-2018:0861-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1078808,1079869,1080042,1082041,1083625
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-6764
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libvirt-2.0.0-27.34.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libvirt-2.0.0-27.34.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libvirt-2.0.0-27.34.1
SUSE Linux Enterprise Server 12-SP2 (src):    libvirt-2.0.0-27.34.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libvirt-2.0.0-27.34.1
Comment 18 Swamp Workflow Management 2018-04-11 10:12:51 UTC
SUSE-SU-2018:0920-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1054986,1067018,1070615,1079869,1080042,1082041,1082161,1083625,1085757,1086038
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-6764
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libvirt-3.3.0-5.19.2
SUSE Linux Enterprise Server 12-SP3 (src):    libvirt-3.3.0-5.19.2, virt-manager-1.4.1-5.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libvirt-3.3.0-5.19.2, virt-manager-1.4.1-5.8.1
Comment 19 Swamp Workflow Management 2018-04-12 22:10:32 UTC
openSUSE-SU-2018:0939-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1054986,1067018,1070615,1079869,1080042,1082041,1082161,1083625,1085757,1086038
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-6764
Sources used:
openSUSE Leap 42.3 (src):    libvirt-3.3.0-15.1, virt-manager-1.4.1-9.1
Comment 24 Swamp Workflow Management 2018-05-15 16:13:10 UTC
SUSE-SU-2018:1295-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1025340,1076500,1079869,1083625,1087887,1088147,936233,960742
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    libvirt-1.0.5.9-21.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libvirt-1.0.5.9-21.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libvirt-1.0.5.9-21.5.1
Comment 26 Swamp Workflow Management 2018-07-27 16:15:23 UTC
SUSE-SU-2018:2082-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1076500,1079869,1083625,1092885
CVE References: CVE-2017-5715,CVE-2018-1064,CVE-2018-3639,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libvirt-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libvirt-1.2.18.4-22.3.1
Comment 27 Swamp Workflow Management 2018-07-30 22:08:07 UTC
SUSE-SU-2018:2141-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076500,1079869,1083625,1092885,854343,897352,954872,956298,964465,968483,980558,987527
CVE References: CVE-2016-5008,CVE-2017-5715,CVE-2018-1064,CVE-2018-3639,CVE-2018-5748
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    libvirt-1.2.5-27.13.1
Comment 28 Marcus Meissner 2018-09-07 12:39:37 UTC
done