PublicDateAtUSN: 2018-03-28
Candidate: CVE-2018-1064
PublicDate: 2018-03-28 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064
 https://ubuntu.com/security/notices/USN-3680-1
Description:
 libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as
 a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor
 but now also triggered via QEMU guest agent.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libvirt:
 upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
upstream_libvirt: released (4.1.0-1)
precise/esm_libvirt: ignored (end of ESM support, was needs-triage)
trusty_libvirt: released (1.2.2-0ubuntu13.1.27)
trusty/esm_libvirt: released (1.2.2-0ubuntu13.1.27)
xenial_libvirt: released (1.3.1-1ubuntu10.24)
esm-infra/xenial_libvirt: released (1.3.1-1ubuntu10.24)
artful_libvirt: released (3.6.0-1ubuntu6.8)
bionic_libvirt: released (4.0.0-1ubuntu8.2)
cosmic_libvirt: not-affected (4.6.0-2ubuntu3.3)
disco_libvirt: not-affected (5.0.0-1ubuntu2)
eoan_libvirt: not-affected (5.0.0-1ubuntu2)
focal_libvirt: not-affected (5.0.0-1ubuntu2)
groovy_libvirt: not-affected (5.0.0-1ubuntu2)
hirsute_libvirt: not-affected (5.0.0-1ubuntu2)
devel_libvirt: not-affected (5.0.0-1ubuntu2)