12:27 p.m.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
notices/2018/0002.xml | 274 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 274 insertions(+)
create mode 100644 notices/2018/0002.xml
diff --git a/notices/2018/0002.xml b/notices/2018/0002.xml
new file mode 100644
index 0000000..8b8e069
--- /dev/null
+++ b/notices/2018/0002.xml
@@ -0,0 +1,274 @@
+<security-notice
xmlns="http://security.libvirt.org/xmlns/security-notice/1.0">
+ <id>2018-0002</id>
+
+ <summary>QEMU monitor denial of service</summary>
+
+ <description>
+ <![CDATA[The libvirt code that reads data from the QEMU monitor will read
+ data until encountering a newline, buffering all data in memory
+ with no upper limit applied.]]>
+ </description>
+
+ <impact>
+ <![CDATA[A malicious QEMU process can cause the libvirtd daemon to consume
+ an arbitrary amount of memory by sending lots of data without any newline
+ characters.]]>
+ </impact>
+
+ <workaround>
+ <![CDATA[There is no practical workaround to prevent this happening, though to
+ exploit it a user would have to first break out of the guest into QEMU]]>
+ </workaround>
+
+ <credits>
+ <reporter>
+ <name>Peter Krempa</name>
+ <email>pkrempa(a)redhat.com</email>
+ </reporter>
+ <reporter>
+ <name>Daniel P. Berrangé</name>
+ <email>berrange(a)redhat.com</email>
+ </reporter>
+ <patcher>
+ <name>Daniel P. Berrangé</name>
+ <email>berrange(a)redhat.com</email>
+ </patcher>
+ </credits>
+
+ <lifecycle>
+ <reported>20171221</reported>
+ <published>20171221</published>
+ <fixed>20180118</fixed>
+ </lifecycle>
+
+ <reference>
+ <advisory type="CVE" id="2018-5748"/>
+ </reference>
+
+ <product name="libvirt">
+ <repository>libvirt.git</repository>
+ <branch>
+ <name>master</name>
+ <tag state="vulnerable">v0.2.0</tag>
+ <tag state="vulnerable">v0.2.1</tag>
+ <tag state="vulnerable">v0.2.2</tag>
+ <tag state="vulnerable">v0.2.3</tag>
+ <tag state="vulnerable">v0.3.0</tag>
+ <tag state="vulnerable">v0.3.1</tag>
+ <tag state="vulnerable">v0.3.2</tag>
+ <tag state="vulnerable">v0.3.3</tag>
+ <tag state="vulnerable">v0.4.1</tag>
+ <tag state="vulnerable">v0.4.2</tag>
+ <tag state="vulnerable">v0.4.4</tag>
+ <tag state="vulnerable">v0.4.6</tag>
+ <tag state="vulnerable">v0.5.0</tag>
+ <tag state="vulnerable">v0.5.1</tag>
+ <tag state="vulnerable">v0.6.0</tag>
+ <tag state="vulnerable">v0.6.1</tag>
+ <tag state="vulnerable">v0.6.2</tag>
+ <tag state="vulnerable">v0.6.3</tag>
+ <tag state="vulnerable">v0.6.4</tag>
+ <tag state="vulnerable">v0.6.5</tag>
+ <tag state="vulnerable">v0.7.0</tag>
+ <tag state="vulnerable">v0.7.1</tag>
+ <tag state="vulnerable">v0.7.2</tag>
+ <tag state="vulnerable">v0.7.3</tag>
+ <tag state="vulnerable">v0.7.4</tag>
+ <tag state="vulnerable">v0.7.5</tag>
+ <tag state="vulnerable">v0.7.6</tag>
+ <tag state="vulnerable">v0.7.7</tag>
+ <tag state="vulnerable">v0.8.0</tag>
+ <tag state="vulnerable">v0.8.1</tag>
+ <tag state="vulnerable">v0.8.2</tag>
+ <tag state="vulnerable">v0.8.3</tag>
+ <tag state="vulnerable">v0.8.4</tag>
+ <tag state="vulnerable">v0.8.5</tag>
+ <tag state="vulnerable">v0.8.6</tag>
+ <tag state="vulnerable">v0.8.7</tag>
+ <tag state="vulnerable">v0.8.8</tag>
+ <tag state="vulnerable">v0.9.0</tag>
+ <tag state="vulnerable">v0.9.1</tag>
+ <tag state="vulnerable">v0.9.2</tag>
+ <tag state="vulnerable">v0.9.3</tag>
+ <tag state="vulnerable">v0.9.4</tag>
+ <tag state="vulnerable">v0.9.5</tag>
+ <tag state="vulnerable">v0.9.6</tag>
+ <tag state="vulnerable">v0.9.7</tag>
+ <tag state="vulnerable">v0.9.8</tag>
+ <tag state="vulnerable">v0.9.9</tag>
+ <tag state="vulnerable">v0.9.10</tag>
+ <tag state="vulnerable">v0.9.11</tag>
+ <tag state="vulnerable">v0.9.12</tag>
+ <tag state="vulnerable">v0.9.13</tag>
+ <tag state="vulnerable">v0.10.0</tag>
+ <tag state="vulnerable">v0.10.1</tag>
+ <tag state="vulnerable">v0.10.2</tag>
+ <tag state="vulnerable">v1.0.0</tag>
+ <tag state="vulnerable">v1.0.1</tag>
+ <tag state="vulnerable">v1.0.2</tag>
+ <tag state="vulnerable">v1.0.3</tag>
+ <tag state="vulnerable">v1.0.4</tag>
+ <tag state="vulnerable">v1.0.5</tag>
+ <tag state="vulnerable">v1.0.6</tag>
+ <tag state="vulnerable">v1.1.0</tag>
+ <tag state="vulnerable">v1.1.1</tag>
+ <tag state="vulnerable">v1.1.2</tag>
+ <tag state="vulnerable">v1.1.3</tag>
+ <tag state="vulnerable">v1.1.4</tag>
+ <tag state="vulnerable">v1.2.0</tag>
+ <tag state="vulnerable">v1.2.1</tag>
+ <tag state="vulnerable">v1.2.2</tag>
+ <tag state="vulnerable">v1.2.3</tag>
+ <tag state="vulnerable">v1.2.4</tag>
+ <tag state="vulnerable">v1.2.5</tag>
+ <tag state="vulnerable">v1.2.6</tag>
+ <tag state="vulnerable">v1.2.7</tag>
+ <tag state="vulnerable">v1.2.8</tag>
+ <tag state="vulnerable">v1.2.9</tag>
+ <tag state="vulnerable">v1.2.10</tag>
+ <tag state="vulnerable">v1.2.11</tag>
+ <tag state="vulnerable">v1.2.12</tag>
+ <tag state="vulnerable">v1.2.13</tag>
+ <tag state="vulnerable">v1.2.14</tag>
+ <tag state="vulnerable">v1.2.15</tag>
+ <tag state="vulnerable">v1.2.16</tag>
+ <tag state="vulnerable">v1.2.17</tag>
+ <tag state="vulnerable">v1.2.18</tag>
+ <tag state="vulnerable">v1.2.19</tag>
+ <tag state="vulnerable">v1.2.20</tag>
+ <tag state="vulnerable">v1.2.21</tag>
+ <tag state="vulnerable">v1.3.0</tag>
+ <tag state="vulnerable">v1.3.1</tag>
+ <tag state="vulnerable">v1.3.2</tag>
+ <tag state="vulnerable">v1.3.3</tag>
+ <tag state="vulnerable">v1.3.4</tag>
+ <tag state="vulnerable">v1.3.5</tag>
+ <tag state="vulnerable">v2.0.0</tag>
+ <tag state="vulnerable">v2.1.0</tag>
+ <tag state="vulnerable">v2.2.0</tag>
+ <tag state="vulnerable">v2.3.0</tag>
+ <tag state="vulnerable">v2.4.0</tag>
+ <tag state="vulnerable">v2.5.0</tag>
+ <tag state="vulnerable">v3.0.0</tag>
+ <tag state="vulnerable">v3.1.0</tag>
+ <tag state="vulnerable">v3.2.0</tag>
+ <tag state="vulnerable">v3.3.0</tag>
+ <tag state="vulnerable">v3.4.0</tag>
+ <tag state="vulnerable">v3.5.0</tag>
+ <tag state="vulnerable">v3.6.0</tag>
+ <tag state="vulnerable">v3.7.0</tag>
+ <tag state="vulnerable">v3.8.0</tag>
+ <tag state="vulnerable">v3.9.0</tag>
+ <tag state="vulnerable">v3.10.0</tag>
+ <tag state="fixed">v4.0.0</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ <change
state="fixed">bc251ea91bcfddd2622fce6bce701a438b2e7276</change>
+ </branch>
+ <branch>
+ <name>v0.9.6-maint</name>
+ <tag state="vulnerable">v0.9.6.1</tag>
+ <tag state="vulnerable">v0.9.6.2</tag>
+ <tag state="vulnerable">v0.9.6.3</tag>
+ <tag state="vulnerable">v0.9.6.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.11-maint</name>
+ <tag state="vulnerable">v0.9.11.1</tag>
+ <tag state="vulnerable">v0.9.11.2</tag>
+ <tag state="vulnerable">v0.9.11.3</tag>
+ <tag state="vulnerable">v0.9.11.4</tag>
+ <tag state="vulnerable">v0.9.11.5</tag>
+ <tag state="vulnerable">v0.9.11.6</tag>
+ <tag state="vulnerable">v0.9.11.7</tag>
+ <tag state="vulnerable">v0.9.11.8</tag>
+ <tag state="vulnerable">v0.9.11.9</tag>
+ <tag state="vulnerable">v0.9.11.10</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.12-maint</name>
+ <tag state="vulnerable">v0.9.12.1</tag>
+ <tag state="vulnerable">v0.9.12.2</tag>
+ <tag state="vulnerable">v0.9.12.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.10.2-maint</name>
+ <tag state="vulnerable">v0.10.2.1</tag>
+ <tag state="vulnerable">v0.10.2.2</tag>
+ <tag state="vulnerable">v0.10.2.3</tag>
+ <tag state="vulnerable">v0.10.2.4</tag>
+ <tag state="vulnerable">v0.10.2.5</tag>
+ <tag state="vulnerable">v0.10.2.6</tag>
+ <tag state="vulnerable">v0.10.2.7</tag>
+ <tag state="vulnerable">v0.10.2.8</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.0.5-maint</name>
+ <tag state="vulnerable">v1.0.5.1</tag>
+ <tag state="vulnerable">v1.0.5.2</tag>
+ <tag state="vulnerable">v1.0.5.3</tag>
+ <tag state="vulnerable">v1.0.5.4</tag>
+ <tag state="vulnerable">v1.0.5.5</tag>
+ <tag state="vulnerable">v1.0.5.6</tag>
+ <tag state="vulnerable">v1.0.5.7</tag>
+ <tag state="vulnerable">v1.0.5.8</tag>
+ <tag state="vulnerable">v1.0.5.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.1.3-maint</name>
+ <tag state="vulnerable">v1.1.3.1</tag>
+ <tag state="vulnerable">v1.1.3.2</tag>
+ <tag state="vulnerable">v1.1.3.3</tag>
+ <tag state="vulnerable">v1.1.3.4</tag>
+ <tag state="vulnerable">v1.1.3.5</tag>
+ <tag state="vulnerable">v1.1.3.6</tag>
+ <tag state="vulnerable">v1.1.3.7</tag>
+ <tag state="vulnerable">v1.1.3.8</tag>
+ <tag state="vulnerable">v1.1.3.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.9-maint</name>
+ <tag state="vulnerable">v1.2.9.1</tag>
+ <tag state="vulnerable">v1.2.9.2</tag>
+ <tag state="vulnerable">v1.2.9.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.13-maint</name>
+ <tag state="vulnerable">v1.2.13.1</tag>
+ <tag state="vulnerable">v1.2.13.2</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.18-maint</name>
+ <tag state="vulnerable">v1.2.18.1</tag>
+ <tag state="vulnerable">v1.2.18.2</tag>
+ <tag state="vulnerable">v1.2.18.3</tag>
+ <tag state="vulnerable">v1.2.18.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.3.3-maint</name>
+ <tag state="vulnerable">v1.3.3.1</tag>
+ <tag state="vulnerable">v1.3.3.2</tag>
+ <tag state="vulnerable">v1.3.3.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v2.2-maint</name>
+ <tag state="vulnerable">v2.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v3.2-maint</name>
+ <tag state="vulnerable">v3.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ </product>
+
+</security-notice>
--
2.14.3