SB2019042907 - OpenSUSE Linux update for libvirt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019042907

SB2019042907 - OpenSUSE Linux update for libvirt

Published: April 29, 2019

Security Bulletin ID SB2019042907
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-3840)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in libvirt in the way it processes interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service (DoS).


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3886)

The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to the application allows readonly permissions to invoke the APIs depending on the guest agent. A remote non-authenticated attacker can gain access to sensitive information or perform denial of service attack.


Remediation

Install update from vendor's website.

References