Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1490-1

Опубликовано: 13 июн. 2019
Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Security issues fixed:

  • CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348)

Non security issues fixed:

  • delay global firewall setup if no networks are running (bsc#1133229)
  • add systemd-container dependency to qemu and lxc drivers (bsc#1136109)

Список пакетов

Image SLES15-SP1-SAP-Azure
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-EC2-HVM
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-GCE
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-GCE-BYOS
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-OCI-BYOS
libvirt-client-5.1.0-8.3.1
libvirt-libs-5.1.0-8.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libvirt-libs-5.1.0-8.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP1
libvirt-5.1.0-8.3.1
libvirt-admin-5.1.0-8.3.1
libvirt-bash-completion-5.1.0-8.3.1
libvirt-client-5.1.0-8.3.1
libvirt-daemon-5.1.0-8.3.1
libvirt-daemon-config-network-5.1.0-8.3.1
libvirt-daemon-config-nwfilter-5.1.0-8.3.1
libvirt-daemon-driver-interface-5.1.0-8.3.1
libvirt-daemon-driver-libxl-5.1.0-8.3.1
libvirt-daemon-driver-lxc-5.1.0-8.3.1
libvirt-daemon-driver-network-5.1.0-8.3.1
libvirt-daemon-driver-nodedev-5.1.0-8.3.1
libvirt-daemon-driver-nwfilter-5.1.0-8.3.1
libvirt-daemon-driver-qemu-5.1.0-8.3.1
libvirt-daemon-driver-secret-5.1.0-8.3.1
libvirt-daemon-driver-storage-5.1.0-8.3.1
libvirt-daemon-driver-storage-core-5.1.0-8.3.1
libvirt-daemon-driver-storage-disk-5.1.0-8.3.1
libvirt-daemon-driver-storage-iscsi-5.1.0-8.3.1
libvirt-daemon-driver-storage-logical-5.1.0-8.3.1
libvirt-daemon-driver-storage-mpath-5.1.0-8.3.1
libvirt-daemon-driver-storage-rbd-5.1.0-8.3.1
libvirt-daemon-driver-storage-scsi-5.1.0-8.3.1
libvirt-daemon-hooks-5.1.0-8.3.1
libvirt-daemon-lxc-5.1.0-8.3.1
libvirt-daemon-qemu-5.1.0-8.3.1
libvirt-daemon-xen-5.1.0-8.3.1
libvirt-devel-5.1.0-8.3.1
libvirt-doc-5.1.0-8.3.1
libvirt-lock-sanlock-5.1.0-8.3.1
libvirt-nss-5.1.0-8.3.1

Ссылки

Описание

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.3.1
Ссылки

Описание

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.3.1
Ссылки

Описание

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.3.1
Ссылки

Описание

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.3.1
Ссылки

Описание

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure-BYOS:libvirt-libs-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-client-5.1.0-8.3.1
Image SLES15-SP1-SAP-Azure:libvirt-libs-5.1.0-8.3.1
Ссылки
Уязвимость SUSE-SU-2019:1490-1