SUSE Linux 12-SP3: SUSE-SU-2018:0920-1 Important: Denial Of Service

suse

April 11, 2018

An update that solves three vulnerabilities and has 7 fixes is now available.

Summary

This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt: - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager:

Topics Covered

security advisory denial of service libvirt update SUSE Linux important update critical security issue executable code injection

References

#1054986 #1067018 #1070615 #1079869 #1080042

#1082041 #1082161 #1083625 #1085757 #1086038

Cross- CVE-2017-5715 CVE-2018-1064 CVE-2018-6764

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2018-1064.html

https://www.suse.com/security/cve/CVE-2018-6764.html

https://bugzilla.suse.com/1054986

https://bugzilla.suse.com/1067018

https://bugzilla.suse.com/1070615

https://bugzilla.suse.com/1079869

https://bugzilla.suse.com/1080042

https://bugzilla.suse.com/1082041

https://bugzilla.suse.com/1082161

https://bugzilla.suse.com/1083625

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2018:0920-1

Rating: important

Topics Covered

security advisory denial of service libvirt update SUSE Linux important update critical security issue executable code injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux 12-SP3: SUSE-SU-2018:0920-1 Important: Denial Of Service

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux 12-SP3: SUSE-SU-2018:0920-1 Important: Denial Of Service

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!