ESB-2018.3390 - [RedHat] libvirt: Execute arbitrary code/commands - Existing account 2018-10-31

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3390
        Moderate: libvirt security, bug fix, and enhancement update
                              31 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libvirt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6764  

Reference:         ESB-2018.1115
                   ESB-2018.0992
                   ESB-2018.0756
                   ESB-2018.0754
                   ESB-2018.0509

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:3113

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvirt security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3113-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3113
Issue date:        2018-10-30
CVE Names:         CVE-2018-6764 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

The following packages have been upgraded to a later upstream version:
libvirt (4.5.0). (BZ#1563169)

Security Fix(es):

* libvirt: guest could inject executable code via libnss_dns.so loaded by
libvirt_lxc before init (CVE-2018-6764)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

916061 - Dump progress only show up when memory-only dump finish
1149445 - [RFE] Detection of cloned environment using a unique, inmutable, intelligent identifier programmically accessible - libvirt
1291851 - support for virtio-vsock - libvirt
1300772 - RFE: add support for native TLS encryption on NBD for disk migration
1367238 - libvirt allow set busNr and numa node for a pci-bridge but won't use it
1425058 - [RFE] libvirt: Provide a way to disable ROM loading completely for a device
1425757 - RFE: add support for securely passing passwords to iSCSI block drivers
1447169 - [RFE] Support hotplugging/unplugging of i6300esb  watchdog
1448149 - <memoryBacking> <access mode='shared'/> is ignored if no NUMA nodes are configured
1454709 - delete the Qos settings for the interface on the fly makes no changes
1456165 - The sub-element for panic device should be "interleave" in rng file
1468422 - Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element
1469338 - RFE: expose Q35 extended TSEG size in domain XML element or attribute
1470007 - [RFE] [libvirt part] Add S3 PR support to qemu (similar to mpathpersist)
1480668 - RFE: Enhance qemu to support freeing memory before exit when using memory-backend-file
1483816 - Schema for the 'target' field in <controller model='pci-bridge'> should not accept 'chassis' and 'port' parameters for 'q35' machine type
1490158 - Libvirt could not reconnect qemu
1492597 - Enable seccomp by out of the box with QEMU >= 2.11
1494454 - RFE: add sanity checks for shared storage when migrating without block copy
1507737 - virsh prompt doesn't change after changing the connection to readonly
1509870 - Command "virsh set-lifecycle-action --help" raises abnormal error info
1515533 - Libvirt should report correct error info when prefix is set out of range
1519146 - Libvirt uses deprecated compat=xxx option
1520821 - RFE: Add Generic PCIe-PCI bridge for libvirt
1522706 - Inexact error info when undefine a running uefi guest without flags
1523564 - Start vm with hostdev <source protocol='vhost' ...> will cause unknown error.
1524399 - client-info return incorrect readonly info when connected by tcp/tls in readonly mode
1525496 - libvirtd fails to reconnect to a qemu process after creating 200 snapshots in a chain
1525599 - Support pseries cap-htm qemu option in libvirt
1526382 - Cannot vol-create qcow2 encrypted volume due to qemu-img params changed
1527740 - NVRAM/pflash on a backing device is not created in the mount namespace
1529059 - The error message is not clear when upload a bigger file by vol-upload
1529256 - Error message is not correct when "vol-upload" a non-existing file with vol-key in logical/iscsi pool
1530451 - Failed to start guest when duplicate mount point existing in the /dev
1532542 - Blockcopy failed when using --bandwidth option with the values in the normal range
1534418 - guest can start with huge pages set to non-exist guest numa node
1538570 - Segmentation fault when run some virt-admin help srv* cmd.
1541444 - CVE-2018-6764 libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
1541921 - cachetune cannot work with TCG guest
1543775 - 'update-device' with alias in disk did not work actually and 'cold-plug' device with alias to running VM will fail in dumpxml file
1544325 - libvirt cannot parse json backing file with nbd socket keys
1544659 - can't detach disk with ceph auth backing file
1544869 - RFE: add support for native TLS encryption for NBD disk access
1546971 - Cannot modify vNIC profile of running VM
1547250 - Got lots OVS daemon ERRs while starting a OVS-dpdk guest
1549531 - Use of md5 / sha256 from gnulib prevents FIPS compliance
1552092 - request to qemu-guest-agent prevent other calls to qemu monitor
1552127 - qemu-kvm cannot find USB bus
1553075 - User-aliases not cleared on detach-device
1554876 - Device alias for input device do not take effect when hot-plugging
1556828 - [SR-IOV] - Can't start VM with SR-IOV vNIC
1557769 - Start VM with direct LUN attached with SCSI Pass-Through enabled fails on libvirtError
1558317 - VM can not start  when configuring alias for ccid controller
1559284 - rpm verify show mode differs for package libvirt-daemon-config-nwfilter
1559835 - [RFC] Fine-grained API to validate if a given CPU model and flags are supported by QEMU / KVM
1560917 - vmx parser cannot import more than 4 NICs
1560946 - [RFE] support luks encrypted volume in disk pool
1560976 - Hosted Engine VM (deployed in the past) fails to reboot with 'libvirtError: internal error: failed to format device alias for PTY retrieval' due to an error in console device in libvirt XML generated by the engine
1563169 - Rebase libvirt to current upstream release
1566416 - Storage device fails to validate for extra content " logical_block_size"
1568148 - libvirt: vpx:// driver does not get CPU vendor, model or topology from VMware server
1568407 - Guest is left paused on source host sometimes if kill source libvirtd during live migration due to QEMU image locking
1569678 - virsh capabilities reports invalid values for 4K pages
1569861 - Timed out during operation: cannot acquire state change lock (held by remoteDispatchDomainMemoryStats)
1571759 - Create Volume on ESX local storage via virsh failed while use new libvirt
1572491 - virt-xml-validate validate fails for capabilities and storagevol
1576464 - Hash operation not allowed during iteration
1576916 - Detach device with partial XML that includes an alias
1583484 - "Property '.write-cache' not found" when set cache mode for scsi block device
1583623 - Attach scsi controller with 'driver' configured to VM will raise confusing error info
1583927 - "Unexpected hostdev type while encoding audit message: 4" when attach a mdev device.
1584071 - Unknown error occurred on target host when try to get completed domjobinfo
1584073 - Introduce support for mediated devices hotplug
1584091 - libvirt: vpx:// driver does not accept a number of vCPUs when it is not 1 or a multiple of 2
1584571 - RFE: qemu: support redirdev hotunplug
1586027 - virsh detach-device-alias --config does not work
1588295 - the help info of 'virsh detach-disk --print-xml' is not accurate
1588336 - "domifaddr --source arp" can not show correct netmask
1589115 - libvirt fails to chown memory snapshot on shared (NFS) storage
1589730 - libvirtd crashed sometimes if the guest crash on the source host at the end of migration
1590214 - "Failed to reserve port 65535" for guest graphic
1591017 - nwfilter blocks all network traffic when "clean-traffic" filter is applied to guest interface.
1591235 - virt-install/virsh reports 'node 0/1 not found' error when specify nodeset in memorybacking
1591561 - libvirtd crash when detach serial  device using 'virsh detach-device-alias --config'
1591628 - Error occurred when revert a running domain to a running snapshot with "--force"
1593137 - libvirtd crashed if destroy the guest on the source host in perform phase of live migration
1593549 - parts of the network filter can not pass virt-xml-validate
1595184 - Libvirtd crashed when domifstat for interface type: user, udp
1597550 - libvirtd crashed when hot plug a scsi hostdev
1597940 - vhost-user socket path is not recognized by libvirt
1598015 - libvirtd crashed on target host when do migration with '--tls'
1598084 - cannot acquire state change lock when create snapshot with --quiesce
1598087 - Improve documentation description for 'virsh detach-device-alias' cmd
1598281 - Can NOT convert an existing guest to the native qemu-argv configuration format
1598311 - Error message is weird when there is no enough pci slot for hotplug interface
1598440 - virt-v2v will hang at opening the overlay during conversion with libvirt-4.5.0-1
1599545 - libvirtd crashed randomly during start
1599973 - libvirtd crashed during stop if there is a guest set filterref in guest vNIC
1600122 - Explicitly require matching libvirt-libs in driver subpackages
1600329 - nwfilter-binding-undefine list in virsh man page but not exists when execute
1600330 - The dumped filterbinding can not pass the xml validate
1600345 - Can not edit alias name for vsock device
1600427 - Guest can not get correct value of global_period when set schedinfo with --config
1600468 - domifaddr should not query non-existing file for interface from host bridge network
1601318 - Failed to define/create guest with vf as hostdev interface with boot order
1601377 - pool-create-as pool-define-as failed when provide --adapter-parent-wwnn and --adapter-parent-wwpn
1603025 - Start/Destroy/Virsh edit guest with 'iscsi block disk'/ 'bridge interface' cause libvirtd memleak
1603115 - Backport clean-traffic-gateway into RHEL 7.6
1607825 - Improve the error msg when define guest with 'none' type video and other video
1607831 - Error message about nwfilter promoted when fail to start vm
1609087 - Failed to define q35 guest with 'none' video type when pci address 0000:00:01.0 is used by other device
1611320 - org.libvirt.api.nwfilter-binding.create is not registered
1612009 - libvirtd crash when using perl-Sys-Virt API: get_node_sev_info()
1613746 - vol-resize with --shrink can't shrink encrypted volume
1618622 - Detaching ('virsh detach-device-alias') shmem returns failure while actually succeeds in dumpxml of  VM
1621910 - virDomainUpdateDeviceFlags fails when alias is not specified
1623157 - Domain ABI stability check must forbid host MTU changes on NICs
1624735 - libvirt refuses to start a guest with vfio-ccw on s390 because of missing 'display' attribute

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

x86_64:
libvirt-4.5.0-10.el7.x86_64.rpm
libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm
libvirt-client-4.5.0-10.el7.i686.rpm
libvirt-client-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-libs-4.5.0-10.el7.i686.rpm
libvirt-libs-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvirt-admin-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-devel-4.5.0-10.el7.i686.rpm
libvirt-devel-4.5.0-10.el7.x86_64.rpm
libvirt-docs-4.5.0-10.el7.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.x86_64.rpm
libvirt-login-shell-4.5.0-10.el7.x86_64.rpm
libvirt-nss-4.5.0-10.el7.i686.rpm
libvirt-nss-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

x86_64:
libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm
libvirt-client-4.5.0-10.el7.i686.rpm
libvirt-client-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-libs-4.5.0-10.el7.i686.rpm
libvirt-libs-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libvirt-4.5.0-10.el7.x86_64.rpm
libvirt-admin-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-devel-4.5.0-10.el7.i686.rpm
libvirt-devel-4.5.0-10.el7.x86_64.rpm
libvirt-docs-4.5.0-10.el7.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.x86_64.rpm
libvirt-login-shell-4.5.0-10.el7.x86_64.rpm
libvirt-nss-4.5.0-10.el7.i686.rpm
libvirt-nss-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

ppc64:
libvirt-4.5.0-10.el7.ppc64.rpm
libvirt-bash-completion-4.5.0-10.el7.ppc64.rpm
libvirt-client-4.5.0-10.el7.ppc.rpm
libvirt-client-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.ppc64.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64.rpm
libvirt-devel-4.5.0-10.el7.ppc.rpm
libvirt-devel-4.5.0-10.el7.ppc64.rpm
libvirt-docs-4.5.0-10.el7.ppc64.rpm
libvirt-libs-4.5.0-10.el7.ppc.rpm
libvirt-libs-4.5.0-10.el7.ppc64.rpm

ppc64le:
libvirt-4.5.0-10.el7.ppc64le.rpm
libvirt-bash-completion-4.5.0-10.el7.ppc64le.rpm
libvirt-client-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-config-network-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-kvm-4.5.0-10.el7.ppc64le.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64le.rpm
libvirt-devel-4.5.0-10.el7.ppc64le.rpm
libvirt-docs-4.5.0-10.el7.ppc64le.rpm
libvirt-libs-4.5.0-10.el7.ppc64le.rpm

s390x:
libvirt-4.5.0-10.el7.s390x.rpm
libvirt-bash-completion-4.5.0-10.el7.s390x.rpm
libvirt-client-4.5.0-10.el7.s390.rpm
libvirt-client-4.5.0-10.el7.s390x.rpm
libvirt-daemon-4.5.0-10.el7.s390x.rpm
libvirt-daemon-config-network-4.5.0-10.el7.s390x.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.s390x.rpm
libvirt-daemon-kvm-4.5.0-10.el7.s390x.rpm
libvirt-debuginfo-4.5.0-10.el7.s390.rpm
libvirt-debuginfo-4.5.0-10.el7.s390x.rpm
libvirt-devel-4.5.0-10.el7.s390.rpm
libvirt-devel-4.5.0-10.el7.s390x.rpm
libvirt-docs-4.5.0-10.el7.s390x.rpm
libvirt-libs-4.5.0-10.el7.s390.rpm
libvirt-libs-4.5.0-10.el7.s390x.rpm

x86_64:
libvirt-4.5.0-10.el7.x86_64.rpm
libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm
libvirt-client-4.5.0-10.el7.i686.rpm
libvirt-client-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-devel-4.5.0-10.el7.i686.rpm
libvirt-devel-4.5.0-10.el7.x86_64.rpm
libvirt-docs-4.5.0-10.el7.x86_64.rpm
libvirt-libs-4.5.0-10.el7.i686.rpm
libvirt-libs-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

ppc64le:
libvirt-4.5.0-10.el7.ppc64le.rpm
libvirt-bash-completion-4.5.0-10.el7.ppc64le.rpm
libvirt-client-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-config-network-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-kvm-4.5.0-10.el7.ppc64le.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64le.rpm
libvirt-devel-4.5.0-10.el7.ppc64le.rpm
libvirt-docs-4.5.0-10.el7.ppc64le.rpm
libvirt-libs-4.5.0-10.el7.ppc64le.rpm

s390x:
libvirt-4.5.0-10.el7.s390x.rpm
libvirt-bash-completion-4.5.0-10.el7.s390x.rpm
libvirt-client-4.5.0-10.el7.s390.rpm
libvirt-client-4.5.0-10.el7.s390x.rpm
libvirt-daemon-4.5.0-10.el7.s390x.rpm
libvirt-daemon-config-network-4.5.0-10.el7.s390x.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.s390x.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.s390x.rpm
libvirt-daemon-kvm-4.5.0-10.el7.s390x.rpm
libvirt-debuginfo-4.5.0-10.el7.s390.rpm
libvirt-debuginfo-4.5.0-10.el7.s390x.rpm
libvirt-devel-4.5.0-10.el7.s390.rpm
libvirt-devel-4.5.0-10.el7.s390x.rpm
libvirt-docs-4.5.0-10.el7.s390x.rpm
libvirt-libs-4.5.0-10.el7.s390.rpm
libvirt-libs-4.5.0-10.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

aarch64:
libvirt-4.5.0-10.el7.aarch64.rpm
libvirt-admin-4.5.0-10.el7.aarch64.rpm
libvirt-bash-completion-4.5.0-10.el7.aarch64.rpm
libvirt-client-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.aarch64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.aarch64.rpm
libvirt-debuginfo-4.5.0-10.el7.aarch64.rpm
libvirt-devel-4.5.0-10.el7.aarch64.rpm
libvirt-docs-4.5.0-10.el7.aarch64.rpm
libvirt-libs-4.5.0-10.el7.aarch64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.aarch64.rpm
libvirt-login-shell-4.5.0-10.el7.aarch64.rpm
libvirt-nss-4.5.0-10.el7.aarch64.rpm

ppc64le:
libvirt-admin-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-lxc-4.5.0-10.el7.ppc64le.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64le.rpm
libvirt-lock-sanlock-4.5.0-10.el7.ppc64le.rpm
libvirt-login-shell-4.5.0-10.el7.ppc64le.rpm
libvirt-nss-4.5.0-10.el7.ppc64le.rpm

s390x:
libvirt-admin-4.5.0-10.el7.s390x.rpm
libvirt-daemon-lxc-4.5.0-10.el7.s390x.rpm
libvirt-debuginfo-4.5.0-10.el7.s390.rpm
libvirt-debuginfo-4.5.0-10.el7.s390x.rpm
libvirt-lock-sanlock-4.5.0-10.el7.s390x.rpm
libvirt-login-shell-4.5.0-10.el7.s390x.rpm
libvirt-nss-4.5.0-10.el7.s390.rpm
libvirt-nss-4.5.0-10.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvirt-admin-4.5.0-10.el7.ppc64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.ppc64.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.ppc64.rpm
libvirt-login-shell-4.5.0-10.el7.ppc64.rpm
libvirt-nss-4.5.0-10.el7.ppc.rpm
libvirt-nss-4.5.0-10.el7.ppc64.rpm

ppc64le:
libvirt-admin-4.5.0-10.el7.ppc64le.rpm
libvirt-daemon-lxc-4.5.0-10.el7.ppc64le.rpm
libvirt-debuginfo-4.5.0-10.el7.ppc64le.rpm
libvirt-lock-sanlock-4.5.0-10.el7.ppc64le.rpm
libvirt-login-shell-4.5.0-10.el7.ppc64le.rpm
libvirt-nss-4.5.0-10.el7.ppc64le.rpm

s390x:
libvirt-admin-4.5.0-10.el7.s390x.rpm
libvirt-daemon-lxc-4.5.0-10.el7.s390x.rpm
libvirt-debuginfo-4.5.0-10.el7.s390.rpm
libvirt-debuginfo-4.5.0-10.el7.s390x.rpm
libvirt-lock-sanlock-4.5.0-10.el7.s390x.rpm
libvirt-login-shell-4.5.0-10.el7.s390x.rpm
libvirt-nss-4.5.0-10.el7.s390.rpm
libvirt-nss-4.5.0-10.el7.s390x.rpm

x86_64:
libvirt-admin-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.x86_64.rpm
libvirt-login-shell-4.5.0-10.el7.x86_64.rpm
libvirt-nss-4.5.0-10.el7.i686.rpm
libvirt-nss-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvirt-4.5.0-10.el7.src.rpm

x86_64:
libvirt-4.5.0-10.el7.x86_64.rpm
libvirt-bash-completion-4.5.0-10.el7.x86_64.rpm
libvirt-client-4.5.0-10.el7.i686.rpm
libvirt-client-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-interface-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-network-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-qemu-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-secret-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-kvm-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-devel-4.5.0-10.el7.i686.rpm
libvirt-devel-4.5.0-10.el7.x86_64.rpm
libvirt-docs-4.5.0-10.el7.x86_64.rpm
libvirt-libs-4.5.0-10.el7.i686.rpm
libvirt-libs-4.5.0-10.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvirt-admin-4.5.0-10.el7.x86_64.rpm
libvirt-daemon-lxc-4.5.0-10.el7.x86_64.rpm
libvirt-debuginfo-4.5.0-10.el7.i686.rpm
libvirt-debuginfo-4.5.0-10.el7.x86_64.rpm
libvirt-lock-sanlock-4.5.0-10.el7.x86_64.rpm
libvirt-login-shell-4.5.0-10.el7.x86_64.rpm
libvirt-nss-4.5.0-10.el7.i686.rpm
libvirt-nss-4.5.0-10.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-6764
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW9gR5dzjgjWX9erEAQjXyxAApvapzRIagYmGUn5N5k605v5t+gSTpgVv
RVDTgdQz3mM9+9lT5IRS6LYyyd8ng4jhIknb4vDUYow2Sd2Wo2G20dyCA5JJP1OL
NNsocFvlRpwBUlEZyc2QusgUV1VUVO39V5p4/Ot4pCWg3L0wr4ZgEjy7boV9FXab
5JloSNWanXCS/WfhnX+nMFRW3zhKOF/xaWy+oCkkxXFPmnE/SksCXo3xZF2Na80Y
1jbRklr2XoxixqS6Ho0pZFZNNzcnCBga3lQLOltdCN3TLaPPJ68KDIdQ+9imBHd9
LB5aH9m4rRdTWfnLbdLd6EhYXe5WW0u1lMhPmbwjIjEg+eQ+/Wb52dsDtu4baS7K
zSqRFfahCKMcRFwHAL6GqSHy9B0TdHYqcFfvi778Gu0VQyEwsrUEwLQBIwG4pCxg
0psh2cfUlyTfqkKcIIIP2j3a15Xe2k6yCRj90pXVSDyetXpz6PtomjP1thcJY8Tr
ytK598CRxrfdap+Eks2sHUMTEgvYitPJhg3KKDdvBqP4Brm0pCv3mGphi8ANK3/4
HwY/0amhPCkRisfpp4kHLBGH+vOLXzV7FnEMw+tbA/QXGFaJB2kiu60N3ktSoS8Y
ZbR2CzYbANEcj/hO5OWonhRrbdMTHc+gJvcQOXlbR+iaJ0Lts7YJo2Vh6gVWf9fI
Pdu8DwEErWc=
=WJ5s
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW9k1/maOgq3Tt24GAQjIBg//SSY0Am39Zm6IZqiI08wDUaWcvG34OP2i
ON2ZwrSFIuQ0wAU2KnoAn9WoCAbgcf4uR/aBq+PenEBdCSICFGdgvqR+7UGDnD/F
mBEouVK1rzoHL1BdR5pMkBesLt4aKxdz+FnJVnIwXpRTyU+Pr/8hVNu7L4tIu4R/
XiOr51T/nKnN5uTQnAXobpobpbKnu9BiiO5mJmOxTn9tXn9TW3tUPCXoiJPMmfgP
BQC0WLdxLXpDKObhd+5V8nlWzR08sP6gjrXC3ii7e52zknBjqMRrZoM7aU0Is43F
pwU4FEPDW/hnpC5owN7ll+6OKW5bSCtwpD0fk6ZN6ohgSyhMa9ZeTeA7P3Q3VW+o
Vuy9ayFuNz7lXLrihgLCpnHNcT9TxCqeun8kNHdivTNObkmTTfVvuXJ3JpDZ4ymm
oc3FMelZbDyZAzWJhojbSwajSBYIczDaKCOHlDDSt3/5FXnauD5mjkUk8/DCuaep
S1wDzlR7bgtJgvniZ2JiRU4ym6TKc43SLFJGXZ+1ohPmSY2iWlplwz0dKgzaPlSH
4TKR4oAGdi4zWhwIIppmOJklK2KnseSl1XsPzI0MzgP5hm1YItmoLWixUHDP5uUu
6iolaTuR3mkp6dTeU8mt/+3gfQjycHASg9WnHvrerbZYA6j4M2gChMFVD3WQUg23
B8WyzKDe32I=
=or5H
-----END PGP SIGNATURE-----

« Back to bulletins