Описание
Security update for libvirt
This update for libvirt and virt-manager fixes the following issues:
Security issues fixed:
- CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869).
- CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042).
- CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625).
Non-security issues fixed in libvirt:
- bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0.
- bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot.
- bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt.
Non-security issues fixed in virt-manager:
- bsc#1086038: VM guests cannot be properly installed with virt-install
- bsc#1067018: KVM Guest creation failed - Property .cmt not found
- bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file
- bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libvirt-3.3.0-5.19.2
libvirt-admin-3.3.0-5.19.2
libvirt-client-3.3.0-5.19.2
libvirt-daemon-3.3.0-5.19.2
libvirt-daemon-config-network-3.3.0-5.19.2
libvirt-daemon-config-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-interface-3.3.0-5.19.2
libvirt-daemon-driver-libxl-3.3.0-5.19.2
libvirt-daemon-driver-lxc-3.3.0-5.19.2
libvirt-daemon-driver-network-3.3.0-5.19.2
libvirt-daemon-driver-nodedev-3.3.0-5.19.2
libvirt-daemon-driver-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-qemu-3.3.0-5.19.2
libvirt-daemon-driver-secret-3.3.0-5.19.2
libvirt-daemon-driver-storage-3.3.0-5.19.2
libvirt-daemon-driver-storage-core-3.3.0-5.19.2
libvirt-daemon-driver-storage-disk-3.3.0-5.19.2
libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2
libvirt-daemon-driver-storage-logical-3.3.0-5.19.2
libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2
libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2
libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2
libvirt-daemon-lxc-3.3.0-5.19.2
libvirt-daemon-qemu-3.3.0-5.19.2
libvirt-daemon-xen-3.3.0-5.19.2
libvirt-doc-3.3.0-5.19.2
libvirt-libs-3.3.0-5.19.2
virt-install-1.4.1-5.8.1
virt-manager-1.4.1-5.8.1
virt-manager-common-1.4.1-5.8.1
SUSE Linux Enterprise Server 12 SP3
libvirt-3.3.0-5.19.2
libvirt-admin-3.3.0-5.19.2
libvirt-client-3.3.0-5.19.2
libvirt-daemon-3.3.0-5.19.2
libvirt-daemon-config-network-3.3.0-5.19.2
libvirt-daemon-config-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-interface-3.3.0-5.19.2
libvirt-daemon-driver-libxl-3.3.0-5.19.2
libvirt-daemon-driver-lxc-3.3.0-5.19.2
libvirt-daemon-driver-network-3.3.0-5.19.2
libvirt-daemon-driver-nodedev-3.3.0-5.19.2
libvirt-daemon-driver-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-qemu-3.3.0-5.19.2
libvirt-daemon-driver-secret-3.3.0-5.19.2
libvirt-daemon-driver-storage-3.3.0-5.19.2
libvirt-daemon-driver-storage-core-3.3.0-5.19.2
libvirt-daemon-driver-storage-disk-3.3.0-5.19.2
libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2
libvirt-daemon-driver-storage-logical-3.3.0-5.19.2
libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2
libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2
libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2
libvirt-daemon-hooks-3.3.0-5.19.2
libvirt-daemon-lxc-3.3.0-5.19.2
libvirt-daemon-qemu-3.3.0-5.19.2
libvirt-daemon-xen-3.3.0-5.19.2
libvirt-doc-3.3.0-5.19.2
libvirt-libs-3.3.0-5.19.2
libvirt-lock-sanlock-3.3.0-5.19.2
libvirt-nss-3.3.0-5.19.2
virt-install-1.4.1-5.8.1
virt-manager-1.4.1-5.8.1
virt-manager-common-1.4.1-5.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libvirt-3.3.0-5.19.2
libvirt-admin-3.3.0-5.19.2
libvirt-client-3.3.0-5.19.2
libvirt-daemon-3.3.0-5.19.2
libvirt-daemon-config-network-3.3.0-5.19.2
libvirt-daemon-config-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-interface-3.3.0-5.19.2
libvirt-daemon-driver-libxl-3.3.0-5.19.2
libvirt-daemon-driver-lxc-3.3.0-5.19.2
libvirt-daemon-driver-network-3.3.0-5.19.2
libvirt-daemon-driver-nodedev-3.3.0-5.19.2
libvirt-daemon-driver-nwfilter-3.3.0-5.19.2
libvirt-daemon-driver-qemu-3.3.0-5.19.2
libvirt-daemon-driver-secret-3.3.0-5.19.2
libvirt-daemon-driver-storage-3.3.0-5.19.2
libvirt-daemon-driver-storage-core-3.3.0-5.19.2
libvirt-daemon-driver-storage-disk-3.3.0-5.19.2
libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2
libvirt-daemon-driver-storage-logical-3.3.0-5.19.2
libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2
libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2
libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2
libvirt-daemon-hooks-3.3.0-5.19.2
libvirt-daemon-lxc-3.3.0-5.19.2
libvirt-daemon-qemu-3.3.0-5.19.2
libvirt-daemon-xen-3.3.0-5.19.2
libvirt-doc-3.3.0-5.19.2
libvirt-libs-3.3.0-5.19.2
libvirt-lock-sanlock-3.3.0-5.19.2
libvirt-nss-3.3.0-5.19.2
virt-install-1.4.1-5.8.1
virt-manager-1.4.1-5.8.1
virt-manager-common-1.4.1-5.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libvirt-devel-3.3.0-5.19.2
Ссылки
- Link for SUSE-SU-2018:0920-1
- E-Mail link for SUSE-SU-2018:0920-1
- SUSE Security Ratings
- SUSE Bug 1054986
- SUSE Bug 1067018
- SUSE Bug 1070615
- SUSE Bug 1079869
- SUSE Bug 1080042
- SUSE Bug 1082041
- SUSE Bug 1082161
- SUSE Bug 1083625
- SUSE Bug 1085757
- SUSE Bug 1086038
- SUSE CVE CVE-2017-5715 page
- SUSE CVE CVE-2018-1064 page
- SUSE CVE CVE-2018-6764 page
Описание
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libvirt-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-admin-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-client-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-daemon-3.3.0-5.19.2
Ссылки
- CVE-2017-5715
- SUSE Bug 1068032
- SUSE Bug 1074562
- SUSE Bug 1074578
- SUSE Bug 1074701
- SUSE Bug 1074741
- SUSE Bug 1074919
- SUSE Bug 1075006
- SUSE Bug 1075007
- SUSE Bug 1075262
- SUSE Bug 1075419
- SUSE Bug 1076115
- SUSE Bug 1076372
- SUSE Bug 1076606
- SUSE Bug 1078353
- SUSE Bug 1080039
- SUSE Bug 1087887
- SUSE Bug 1087939
- SUSE Bug 1088147
- SUSE Bug 1089055
Описание
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libvirt-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-admin-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-client-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-daemon-3.3.0-5.19.2
Ссылки
- CVE-2018-1064
- SUSE Bug 1076500
- SUSE Bug 1083625
- SUSE Bug 1087887
- SUSE Bug 1088147
Описание
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libvirt-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-admin-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-client-3.3.0-5.19.2
SUSE Linux Enterprise Desktop 12 SP3:libvirt-daemon-3.3.0-5.19.2
Ссылки
- CVE-2018-6764
- SUSE Bug 1080042
- SUSE Bug 1088147