Описание
ELSA-2019-1268: virt:rhel security update (IMPORTANT)
[4.5.0-23.2.0.1.el8]
- added librbd1 as dependency (Keshav Sharma)
[4.5.0-23.2.el8]
- admin: reject clients unless their UID matches the current UID (CVE-2019-10132)
- locking: restrict sockets to mode 0600 (CVE-2019-10132)
- logging: restrict sockets to mode 0600 (CVE-2019-10132)
[4.5.0-23.1.el8]
- cpu_x86: Do not cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)
- qemu: Don't cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)
- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)
- cpu_map: Define md-clear CPUID bit (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module virt:ol is enabled
libvirt
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-admin
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-bash-completion
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-client
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-config-network
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-config-nwfilter
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-interface
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-network
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-nodedev
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-nwfilter
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-qemu
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-secret
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-core
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-disk
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-gluster
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-iscsi
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-logical
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-mpath
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-rbd
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-scsi
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-kvm
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-devel
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-docs
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-libs
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-lock-sanlock
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-nss
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
Oracle Linux x86_64
Module virt:ol is enabled
libvirt
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-admin
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-bash-completion
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-client
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-config-network
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-config-nwfilter
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-interface
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-network
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-nodedev
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-nwfilter
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-qemu
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-secret
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-core
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-disk
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-gluster
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-iscsi
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-logical
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-mpath
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-rbd
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-driver-storage-scsi
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-daemon-kvm
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-devel
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-docs
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-libs
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-lock-sanlock
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
libvirt-nss
4.5.0-23.2.0.1.module+el8.0.0+5225+ce2eb65e
Связанные CVE
Связанные уязвимости
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.s ...
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.