SUSE: 2018:2141-1 Important: Libvirt Denial of Service Fix

suse

July 31, 2018

An update that solves 5 vulnerabilities and has 7 fixes is now available

Summary

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). Bug fixes: - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services.

Topics Covered

security advisory denial of service important libvirt resource exhaustion SUSE Linux Enterprise Server memory disambiguation

References

#1076500 #1079869 #1083625 #1092885 #854343

#897352 #954872 #956298 #964465 #968483 #980558

#987527

Cross- CVE-2016-5008 CVE-2017-5715 CVE-2018-1064

CVE-2018-3639 CVE-2018-5748

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2016-5008.html

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2018-1064.html

https://www.suse.com/security/cve/CVE-2018-3639.html

https://www.suse.com/security/cve/CVE-2018-5748.html

https://bugzilla.suse.com/1076500

https://bugzilla.suse.com/1079869

https://bugzilla.suse.com/1083625

https://bugzilla.suse.com/1092885

https://bugzilla.suse.com/854343

https://bugzilla.suse.com/897352

https://bugzilla.suse.com/954872

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2018:2141-1

Rating: important

Topics Covered

security advisory denial of service important libvirt resource exhaustion SUSE Linux Enterprise Server memory disambiguation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2141-1 Important: Libvirt Denial of Service Fix

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2141-1 Important: Libvirt Denial of Service Fix

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!