
USN-3576-1: libvirt vulnerabilities


Ubuntu Security Notice USN-3576-1

20th February, 2018

libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in libvirt.

Software description

Details

Vivian Zhang and Christoph Anton Mitterer discovered that libvirt
incorrectly disabled password authentication when the VNC password was set
to an empty string. A remote attacker could possibly use this issue to
bypass authentication, contrary to expectations. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008)

Daniel P. Berrange discovered that libvirt incorrectly handled validating
SSL/TLS certificates. A remote attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 17.10.
(CVE-2017-1000256)

Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly
handled large QEMU replies. An attacker could possibly use this issue to
cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748)

Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so
module. An attacker in a libvirt_lxc session could possibly use this issue
to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 17.10. (CVE-2018-6764)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
  libvirt0      3.6.0-1ubuntu6.3
  libvirt-bin   3.6.0-1ubuntu6.3

Ubuntu 16.04 LTS:
  libvirt0      1.3.1-1ubuntu10.19
  libvirt-bin   1.3.1-1ubuntu10.19

Ubuntu 14.04 LTS:
  libvirt0      1.2.2-0ubuntu13.1.26
  libvirt-bin   1.2.2-0ubuntu13.1.26

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-5008, CVE-2017-1000256, CVE-2018-5748, CVE-2018-6764

Source: USN-3576-1: libvirt vulnerabilities
