SUSE-SU-2019:1438-1

Published: 06 Jun 2019
Source: suse-cvrf

Description

Security update for libvirt

This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Other security issues fixed:

  • CVE-2019-3886: Fixed an information leak which allowed the guest hostname to be retrieved under readonly mode (bsc#1131595).
  • qemu: Add support for using AES secret for SCSI hotplug

Package list

SUSE Enterprise Storage 4
libvirt-2.0.0-27.54.1
libvirt-client-2.0.0-27.54.1
libvirt-daemon-2.0.0-27.54.1
libvirt-daemon-config-network-2.0.0-27.54.1
libvirt-daemon-config-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-interface-2.0.0-27.54.1
libvirt-daemon-driver-libxl-2.0.0-27.54.1
libvirt-daemon-driver-lxc-2.0.0-27.54.1
libvirt-daemon-driver-network-2.0.0-27.54.1
libvirt-daemon-driver-nodedev-2.0.0-27.54.1
libvirt-daemon-driver-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-qemu-2.0.0-27.54.1
libvirt-daemon-driver-secret-2.0.0-27.54.1
libvirt-daemon-driver-storage-2.0.0-27.54.1
libvirt-daemon-hooks-2.0.0-27.54.1
libvirt-daemon-lxc-2.0.0-27.54.1
libvirt-daemon-qemu-2.0.0-27.54.1
libvirt-daemon-xen-2.0.0-27.54.1
libvirt-doc-2.0.0-27.54.1
libvirt-lock-sanlock-2.0.0-27.54.1
libvirt-nss-2.0.0-27.54.1
SUSE Linux Enterprise Server 12 SP2-BCL
libvirt-2.0.0-27.54.1
libvirt-client-2.0.0-27.54.1
libvirt-daemon-2.0.0-27.54.1
libvirt-daemon-config-network-2.0.0-27.54.1
libvirt-daemon-config-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-interface-2.0.0-27.54.1
libvirt-daemon-driver-libxl-2.0.0-27.54.1
libvirt-daemon-driver-lxc-2.0.0-27.54.1
libvirt-daemon-driver-network-2.0.0-27.54.1
libvirt-daemon-driver-nodedev-2.0.0-27.54.1
libvirt-daemon-driver-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-qemu-2.0.0-27.54.1
libvirt-daemon-driver-secret-2.0.0-27.54.1
libvirt-daemon-driver-storage-2.0.0-27.54.1
libvirt-daemon-hooks-2.0.0-27.54.1
libvirt-daemon-lxc-2.0.0-27.54.1
libvirt-daemon-qemu-2.0.0-27.54.1
libvirt-daemon-xen-2.0.0-27.54.1
libvirt-doc-2.0.0-27.54.1
libvirt-lock-sanlock-2.0.0-27.54.1
libvirt-nss-2.0.0-27.54.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libvirt-2.0.0-27.54.1
libvirt-client-2.0.0-27.54.1
libvirt-daemon-2.0.0-27.54.1
libvirt-daemon-config-network-2.0.0-27.54.1
libvirt-daemon-config-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-interface-2.0.0-27.54.1
libvirt-daemon-driver-libxl-2.0.0-27.54.1
libvirt-daemon-driver-lxc-2.0.0-27.54.1
libvirt-daemon-driver-network-2.0.0-27.54.1
libvirt-daemon-driver-nodedev-2.0.0-27.54.1
libvirt-daemon-driver-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-qemu-2.0.0-27.54.1
libvirt-daemon-driver-secret-2.0.0-27.54.1
libvirt-daemon-driver-storage-2.0.0-27.54.1
libvirt-daemon-hooks-2.0.0-27.54.1
libvirt-daemon-lxc-2.0.0-27.54.1
libvirt-daemon-qemu-2.0.0-27.54.1
libvirt-daemon-xen-2.0.0-27.54.1
libvirt-doc-2.0.0-27.54.1
libvirt-lock-sanlock-2.0.0-27.54.1
libvirt-nss-2.0.0-27.54.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libvirt-2.0.0-27.54.1
libvirt-client-2.0.0-27.54.1
libvirt-daemon-2.0.0-27.54.1
libvirt-daemon-config-network-2.0.0-27.54.1
libvirt-daemon-config-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-interface-2.0.0-27.54.1
libvirt-daemon-driver-libxl-2.0.0-27.54.1
libvirt-daemon-driver-lxc-2.0.0-27.54.1
libvirt-daemon-driver-network-2.0.0-27.54.1
libvirt-daemon-driver-nodedev-2.0.0-27.54.1
libvirt-daemon-driver-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-qemu-2.0.0-27.54.1
libvirt-daemon-driver-secret-2.0.0-27.54.1
libvirt-daemon-driver-storage-2.0.0-27.54.1
libvirt-daemon-hooks-2.0.0-27.54.1
libvirt-daemon-lxc-2.0.0-27.54.1
libvirt-daemon-qemu-2.0.0-27.54.1
libvirt-daemon-xen-2.0.0-27.54.1
libvirt-doc-2.0.0-27.54.1
libvirt-lock-sanlock-2.0.0-27.54.1
libvirt-nss-2.0.0-27.54.1
SUSE OpenStack Cloud 7
libvirt-2.0.0-27.54.1
libvirt-client-2.0.0-27.54.1
libvirt-daemon-2.0.0-27.54.1
libvirt-daemon-config-network-2.0.0-27.54.1
libvirt-daemon-config-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-interface-2.0.0-27.54.1
libvirt-daemon-driver-libxl-2.0.0-27.54.1
libvirt-daemon-driver-lxc-2.0.0-27.54.1
libvirt-daemon-driver-network-2.0.0-27.54.1
libvirt-daemon-driver-nodedev-2.0.0-27.54.1
libvirt-daemon-driver-nwfilter-2.0.0-27.54.1
libvirt-daemon-driver-qemu-2.0.0-27.54.1
libvirt-daemon-driver-secret-2.0.0-27.54.1
libvirt-daemon-driver-storage-2.0.0-27.54.1
libvirt-daemon-hooks-2.0.0-27.54.1
libvirt-daemon-lxc-2.0.0-27.54.1
libvirt-daemon-qemu-2.0.0-27.54.1
libvirt-daemon-xen-2.0.0-27.54.1
libvirt-doc-2.0.0-27.54.1
libvirt-lock-sanlock-2.0.0-27.54.1
libvirt-nss-2.0.0-27.54.1

Description

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


Affected products
SUSE Enterprise Storage 4:libvirt-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.54.1


Description

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


Affected products
SUSE Enterprise Storage 4:libvirt-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.54.1


Description

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


Affected products
SUSE Enterprise Storage 4:libvirt-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.54.1


Description

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


Affected products
SUSE Enterprise Storage 4:libvirt-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.54.1


Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.


Affected products
SUSE Enterprise Storage 4:libvirt-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-client-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-2.0.0-27.54.1
SUSE Enterprise Storage 4:libvirt-daemon-config-network-2.0.0-27.54.1

References
Vulnerability SUSE-SU-2019:1438-1