Launchpad CVE tracker

CVE 2018-1064

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

Related bugs and status

CVE-2018-1064 (Candidate) is related to these bugs:

Bug #1365261: Apparmor denies qemu access to /tmp directory

Summary				In	Importance	Status
	1365261	Apparmor denies qemu access to /tmp directory		libvirt (Ubuntu)	Low	Fix Released

Bug #1754871: qemu-bridge-helper fails due to apparmor blocks

Summary				In	Importance	Status
	1754871	qemu-bridge-helper fails due to apparmor blocks		libvirt (Ubuntu)	Low	Fix Released

Bug #1776509: libvirt USN-3680-1 not yet available in xenial/pike repo

Summary				In	Importance	Status
	1776509	libvirt USN-3680-1 not yet available in xenial/pike repo		Ubuntu Cloud Archive	Undecided	Fix Released

Bug #1779674: AppArmor does not permit access to rbd admin socket hardcoded in OpenStack charms

Summary				In	Importance	Status
	1779674	AppArmor does not permit access to rbd admin socket hardcoded in OpenStack charms		libvirt (Ubuntu)	Medium	Fix Released

Bug #1784023: Update profiles for usrmerge

		In	Importance	Status
1784023	Update profiles for usrmerge	apparmor (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	man-db (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	libvirt (Ubuntu)	Medium	Fix Released
1784023	Update profiles for usrmerge	lightdm (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	firefox (Ubuntu)	Undecided	In Progress
1784023	Update profiles for usrmerge	isc-dhcp (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	telepathy-mission-control-5 (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	strongswan (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	dhcpcanon (Ubuntu)	Undecided	New
1784023	Update profiles for usrmerge	fwknop (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	i2p (Ubuntu)	Undecided	New
1784023	Update profiles for usrmerge	kopanocore (Ubuntu)	Undecided	New
1784023	Update profiles for usrmerge	lightdm-remote-session-freerdp2 (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	lightdm-remote-session-x2go (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	surf (Ubuntu)	Undecided	Fix Released
1784023	Update profiles for usrmerge	ejabberd (Ubuntu)	Undecided	New
1784023	Update profiles for usrmerge	apparmor-profiles-extra (Ubuntu)	Undecided	New
1784023	Update profiles for usrmerge	strongswan (Debian)	Unknown	Fix Released

Bug #1786019: Local apparmor include to tweak libvirt-qemu

Summary				In	Importance	Status
	1786019	Local apparmor include to tweak libvirt-qemu		libvirt (Ubuntu)	Undecided	Fix Released

Bug #1786168: qemu mount namespaces conflict with libvirt 4.6

Summary				In	Importance	Status
	1786168	qemu mount namespaces conflict with libvirt 4.6		libvirt (Ubuntu)	Medium	Fix Released

Bug #1786179: double virtlogd sockets with services running can trigger issues on upgrade

Summary				In	Importance	Status
	1786179	double virtlogd sockets with services running can trigger issues on upgrade		libvirt (Ubuntu)	Undecided	Fix Released
	1786179	double virtlogd sockets with services running can trigger issues on upgrade		libvirt (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-1064

References