Описание
Security update for libvirt
This update for libvirt fixes the following issues:
Security issues fixed:
- CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869).
- CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885).
- CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625).
- CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500).
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
libvirt-1.2.18.4-22.3.1
libvirt-client-1.2.18.4-22.3.1
libvirt-daemon-1.2.18.4-22.3.1
libvirt-daemon-config-network-1.2.18.4-22.3.1
libvirt-daemon-config-nwfilter-1.2.18.4-22.3.1
libvirt-daemon-driver-interface-1.2.18.4-22.3.1
libvirt-daemon-driver-libxl-1.2.18.4-22.3.1
libvirt-daemon-driver-lxc-1.2.18.4-22.3.1
libvirt-daemon-driver-network-1.2.18.4-22.3.1
libvirt-daemon-driver-nodedev-1.2.18.4-22.3.1
libvirt-daemon-driver-nwfilter-1.2.18.4-22.3.1
libvirt-daemon-driver-qemu-1.2.18.4-22.3.1
libvirt-daemon-driver-secret-1.2.18.4-22.3.1
libvirt-daemon-driver-storage-1.2.18.4-22.3.1
libvirt-daemon-lxc-1.2.18.4-22.3.1
libvirt-daemon-qemu-1.2.18.4-22.3.1
libvirt-daemon-xen-1.2.18.4-22.3.1
libvirt-doc-1.2.18.4-22.3.1
libvirt-lock-sanlock-1.2.18.4-22.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libvirt-1.2.18.4-22.3.1
libvirt-client-1.2.18.4-22.3.1
libvirt-daemon-1.2.18.4-22.3.1
libvirt-daemon-config-network-1.2.18.4-22.3.1
libvirt-daemon-config-nwfilter-1.2.18.4-22.3.1
libvirt-daemon-driver-interface-1.2.18.4-22.3.1
libvirt-daemon-driver-libxl-1.2.18.4-22.3.1
libvirt-daemon-driver-lxc-1.2.18.4-22.3.1
libvirt-daemon-driver-network-1.2.18.4-22.3.1
libvirt-daemon-driver-nodedev-1.2.18.4-22.3.1
libvirt-daemon-driver-nwfilter-1.2.18.4-22.3.1
libvirt-daemon-driver-qemu-1.2.18.4-22.3.1
libvirt-daemon-driver-secret-1.2.18.4-22.3.1
libvirt-daemon-driver-storage-1.2.18.4-22.3.1
libvirt-daemon-lxc-1.2.18.4-22.3.1
libvirt-daemon-qemu-1.2.18.4-22.3.1
libvirt-daemon-xen-1.2.18.4-22.3.1
libvirt-doc-1.2.18.4-22.3.1
libvirt-lock-sanlock-1.2.18.4-22.3.1
Ссылки
- Link for SUSE-SU-2018:2082-1
- E-Mail link for SUSE-SU-2018:2082-1
- SUSE Security Ratings
- SUSE Bug 1076500
- SUSE Bug 1079869
- SUSE Bug 1083625
- SUSE Bug 1092885
- SUSE CVE CVE-2017-5715 page
- SUSE CVE CVE-2018-1064 page
- SUSE CVE CVE-2018-3639 page
- SUSE CVE CVE-2018-5748 page
Описание
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-client-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-config-network-1.2.18.4-22.3.1
Ссылки
- CVE-2017-5715
- SUSE Bug 1068032
- SUSE Bug 1074562
- SUSE Bug 1074578
- SUSE Bug 1074701
- SUSE Bug 1074741
- SUSE Bug 1074919
- SUSE Bug 1075006
- SUSE Bug 1075007
- SUSE Bug 1075262
- SUSE Bug 1075419
- SUSE Bug 1076115
- SUSE Bug 1076372
- SUSE Bug 1076606
- SUSE Bug 1078353
- SUSE Bug 1080039
- SUSE Bug 1087887
- SUSE Bug 1087939
- SUSE Bug 1088147
- SUSE Bug 1089055
Описание
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-client-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-config-network-1.2.18.4-22.3.1
Ссылки
- CVE-2018-1064
- SUSE Bug 1076500
- SUSE Bug 1083625
- SUSE Bug 1087887
- SUSE Bug 1088147
Описание
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-client-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-config-network-1.2.18.4-22.3.1
Ссылки
- CVE-2018-3639
- SUSE Bug 1074701
- SUSE Bug 1085235
- SUSE Bug 1085308
- SUSE Bug 1087078
- SUSE Bug 1087082
- SUSE Bug 1092631
- SUSE Bug 1092885
- SUSE Bug 1094912
- SUSE Bug 1098813
- SUSE Bug 1100394
- SUSE Bug 1102640
- SUSE Bug 1105412
- SUSE Bug 1111963
- SUSE Bug 1172781
- SUSE Bug 1172782
- SUSE Bug 1172783
- SUSE Bug 1173489
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-client-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-1.2.18.4-22.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libvirt-daemon-config-network-1.2.18.4-22.3.1
Ссылки
- CVE-2018-5748
- SUSE Bug 1076500
- SUSE Bug 1083625
- SUSE Bug 1087887