ID de Prueba:	1.3.6.1.4.1.25623.1.0.843454
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for libvirt USN-3576-1
Resumen:	The remote host is missing an update for the 'libvirt'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libvirt' package(s) announced via the referenced advisory. Vulnerability Insight: Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764) Affected Software/OS: libvirt on Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5008 BugTraq ID: 91562 http://www.securityfocus.com/bid/91562 Debian Security Information: DSA-3613 (Google Search) http://www.debian.org/security/2016/dsa-3613 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/ RedHat Security Advisories: RHSA-2016:2577 http://rhn.redhat.com/errata/RHSA-2016-2577.html SuSE Security Announcement: openSUSE-SU-2016:1809 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html SuSE Security Announcement: openSUSE-SU-2016:1810 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html SuSE Security Announcement: openSUSE-SU-2016:1975 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html https://usn.ubuntu.com/3576-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5748 BugTraq ID: 102825 http://www.securityfocus.com/bid/102825 Debian Security Information: DSA-4137 (Google Search) https://www.debian.org/security/2018/dsa-4137 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html RedHat Security Advisories: RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1396 RedHat Security Advisories: RHSA-2018:1929 https://access.redhat.com/errata/RHSA-2018:1929 Common Vulnerability Exposure (CVE) ID: CVE-2018-6764 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html RedHat Security Advisories: RHSA-2018:3113 https://access.redhat.com/errata/RHSA-2018:3113 http://www.ubuntu.com/usn/USN-3576-1
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.