2019-08-31
ALT-BU-2019-3908-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2019-03-27
BDU:2019-01742
Уязвимость функции virJSONValueObjectHasKey библиотеки управления виртуализацией Libvirt, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.8)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
References:
Published: 2019-03-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-3840
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Severity: MEDIUM (6.3)
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1288
- openSUSE-SU-2019:1288
- openSUSE-SU-2019:1294
- openSUSE-SU-2019:1294
- RHSA-2019:2294
- RHSA-2019:2294
- https://bugzilla.redhat.com/show_bug.cgi?id=1663051
- https://bugzilla.redhat.com/show_bug.cgi?id=1663051
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
- FEDORA-2019-b3bfc61567
- FEDORA-2019-b3bfc61567
- https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
- https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html