Best answer by shuguet
I'm not from Nutanix, so you may still want to wait for an answer (though if you really need one, I would raise a support case to have an official statement).
But what I can tell you is that the version of libvirt deployed on the CVM does not seem to be impacted.
The CVEs you mention and the libvirt advisories both refer to versions 1.0.1 or later of libvirt.
But the CVMs (as of the latest publicly available release, 3.5.3.1) use version 0.10.2:
nutanix@cvm$ ls -la /usr/lib64/libvirt.so.0
lrwxrwxrwx. 1 root root 17 Apr 3 15:14 /usr/lib64/libvirt.so.0 -> libvirt.so.0.10.2
nutanix@cvm$ virsh --version=long
Virsh command line tool of libvirt 0.10.2
See web site at http://libvirt.org/

Compiled with support for:
 Hypervisors: QEMU/KVM LXC ESX Test
 Networking: Remote Network Bridging Interface netcf Nwfilter VirtualPort
 Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
 Miscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline
Edit: There is a dormant flaw starting at version 0.0.5, and activated after 0.7.5, that may allow denial of service. But the major threat is the privileged information disclosure, and that is only after version 1.0.0.
In any case, both flaws can only be activated via local access to the Nutanix configuration.
Sylvain.
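
The version check in the answer above can be scripted for a fleet. This is an added example, not part of the original answer and not Nutanix or libvirt code; the function names and range labels are made up here, and the thresholds are only the lower bounds quoted in the answer (it names no fixed release, so a label means "inside the stated range", not "confirmed vulnerable"). It compares versions field by field, because a plain string comparison would wrongly sort 0.10.2 below 0.7.5.

```shell
#!/bin/sh
# ver_cmp A B -> prints -1, 0 or 1, comparing dotted versions numerically
# one field at a time (missing fields count as 0, so 1.0 equals 1.0.0).
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
    done
    echo 0
}

# lib_version TARGET -> version suffix of the soname link target,
# e.g. "libvirt.so.0.10.2" -> "0.10.2".
lib_version() {
    echo "${1##*libvirt.so.}"
}

# classify VERSION -> which range from the answer the version falls into.
# Labels are hypothetical names chosen for this example.
classify() {
    if [ "$(ver_cmp "$1" 1.0.0)" = 1 ]; then
        echo "disclosure-range"   # answer: "only after version 1.0.0"
    elif [ "$(ver_cmp "$1" 0.7.5)" = 1 ]; then
        echo "dos-range-only"     # answer: "activated after 0.7.5"
    else
        echo "below-both"
    fi
}

# On a host that has the symlink shown in the answer, report its version.
link=/usr/lib64/libvirt.so.0
if [ -L "$link" ]; then
    v=$(lib_version "$(readlink "$link")")
    echo "libvirt $v: $(classify "$v")"
fi
```

For the 0.10.2 build shown in the answer, `classify` returns `dos-range-only`, which matches the Edit note: above 0.7.5 but not above 1.0.0.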