Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0838-1

Опубликовано: 29 мар. 2018
Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Security issues fixed:

  • CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869).
  • CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625).
  • CVE-2018-5748: Fixed possible denial of service when reading from QEMU monitor (bsc#1076500).

Non-security issues fixed:

  • bsc#1083061: Fixed 'dumpxml --migratable' exports domain id in output on SLES11 SP4.
  • bsc#1055365: Improve performance when listing hundreds of interfaces.

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libvirt-1.2.5-23.6.1
libvirt-client-1.2.5-23.6.1
libvirt-client-32bit-1.2.5-23.6.1
libvirt-doc-1.2.5-23.6.1
libvirt-lock-sanlock-1.2.5-23.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libvirt-1.2.5-23.6.1
libvirt-client-1.2.5-23.6.1
libvirt-client-32bit-1.2.5-23.6.1
libvirt-doc-1.2.5-23.6.1
libvirt-lock-sanlock-1.2.5-23.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libvirt-devel-1.2.5-23.6.1
libvirt-devel-32bit-1.2.5-23.6.1

Ссылки

Описание

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-32bit-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-doc-1.2.5-23.6.1
Ссылки

Описание

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-32bit-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-doc-1.2.5-23.6.1
Ссылки

Описание

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvirt-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-client-32bit-1.2.5-23.6.1
SUSE Linux Enterprise Server 11 SP4:libvirt-doc-1.2.5-23.6.1
Ссылки
Уязвимость SUSE-SU-2018:0838-1