A flaw was found in Qemu. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to denial of service by exhaustion of memory resources. References: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
Acknowledgments: Name: Daniel P. Berrange (Red Hat), Peter Krempa (Red Hat)
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1535785]
Although RHES-3 (RHGS) is shipped with libvirt, it does not use Qemu. As such, there is no qemu process running, and no vulnerable monitor socket created.
libvirt-3.7.0-4.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1396
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1929 https://access.redhat.com/errata/RHSA-2018:1929