Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

openSUSE 15.5 SUSE-SU-2023:3043-1 Moderate: libvirt Denial of Service

# Security update for libvirt

Announcement ID: SUSE-SU-2023:3043-1
Rating: moderate
References:

  * #1213352
  * #1213447

Cross-References:

  * CVE-2023-3750

CVSS scores:

  * CVE-2023-3750 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3750 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.5
  * Server Applications Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for libvirt fixes the following issues:

Security fixes:

  * CVE-2023-3750: Fixed improper locking in virStoragePoolObjListSearch that may lead to denial of service (bsc#1213447).

Other fixes:

  * build library with support for modular daemons (bsc#1213352).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-3043=1 openSUSE-SLE-15.5-2023-3043=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3043=1
  * Server Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3043=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.11.1
    * libvirt-client-9.0.0-150500.6.11.1
    * libvirt-9.0.0-150500.6.11.1
    * libvirt-daemon-9.0.0-150500.6.11.1
    * libvirt-client-qemu-9.0.0-150500.6.11.1
    * libvirt-devel-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-core-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-hooks-9.0.0-150500.6.11.1
    * libvirt-daemon-qemu-9.0.0-150500.6.11.1
    * libvirt-daemon-config-nwfilter-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-debuginfo-9.0.0-150500.6.11.1
    * wireshark-plugin-libvirt-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-gluster-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.11.1
    * libvirt-nss-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.11.1
    * libvirt-nss-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nodedev-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-lxc-debuginfo-9.0.0-150500.6.11.1
    * libvirt-libs-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-secret-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.11.1
    * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-network-9.0.0-150500.6.11.1
    * libvirt-libs-debuginfo-9.0.0-150500.6.11.1
    * libvirt-client-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-interface-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.11.1
    * libvirt-lock-sanlock-9.0.0-150500.6.11.1
    * libvirt-daemon-config-network-9.0.0-150500.6.11.1
    * wireshark-plugin-libvirt-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.11.1
    * libvirt-debugsource-9.0.0-150500.6.11.1
    * libvirt-daemon-lxc-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-gluster-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-lxc-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-qemu-9.0.0-150500.6.11.1
  * openSUSE Leap 15.5 (x86_64)
    * libvirt-client-32bit-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-xen-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.11.1
    * libvirt-devel-32bit-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-libxl-9.0.0-150500.6.11.1
  * openSUSE Leap 15.5 (noarch)
    * libvirt-doc-9.0.0-150500.6.11.1
  * openSUSE Leap 15.5 (aarch64 x86_64)
    * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.11.1
  * openSUSE Leap 15.5 (aarch64_ilp32)
    * libvirt-devel-64bit-9.0.0-150500.6.11.1
    * libvirt-client-64bit-debuginfo-9.0.0-150500.6.11.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libvirt-debugsource-9.0.0-150500.6.11.1
    * libvirt-libs-debuginfo-9.0.0-150500.6.11.1
    * libvirt-libs-9.0.0-150500.6.11.1
  * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.11.1
    * libvirt-client-9.0.0-150500.6.11.1
    * libvirt-9.0.0-150500.6.11.1
    * libvirt-daemon-9.0.0-150500.6.11.1
    * libvirt-client-qemu-9.0.0-150500.6.11.1
    * libvirt-devel-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-core-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-hooks-9.0.0-150500.6.11.1
    * libvirt-daemon-qemu-9.0.0-150500.6.11.1
    * libvirt-daemon-config-nwfilter-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.11.1
    * libvirt-nss-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.11.1
    * libvirt-nss-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nodedev-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-secret-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.11.1
    * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-network-9.0.0-150500.6.11.1
    * libvirt-client-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-interface-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.11.1
    * libvirt-lock-sanlock-9.0.0-150500.6.11.1
    * libvirt-daemon-config-network-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.11.1
    * libvirt-debugsource-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-qemu-9.0.0-150500.6.11.1
  * Server Applications Module 15-SP5 (aarch64 x86_64)
    * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.11.1
  * Server Applications Module 15-SP5 (noarch)
    * libvirt-doc-9.0.0-150500.6.11.1
  * Server Applications Module 15-SP5 (x86_64)
    * libvirt-daemon-driver-libxl-9.0.0-150500.6.11.1
    * libvirt-daemon-xen-9.0.0-150500.6.11.1
    * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.11.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-3750.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1213352
  * https://bugzilla.suse.com/show_bug.cgi?id=1213447

A security patch for libvirt addresses a moderate severity denial of service vulnerability. Please refer to the installation guide for further details.

Keywords: libvirt update, openSUSE security, server applications.

LinuxSecurity.com Team

Jul 31, 2023 OpenSUSE

Oracle Linux 7 ELSA-2022-10062 Critical: libvirt SELinux Fix

Oracle Linux Security Advisory ELSA-2022-10062

https://linux.oracle.com/errata/ELSA-2022-10062.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
libvirt-5.7.0-38.el7.aarch64.rpm
libvirt-bash-completion-5.7.0-38.el7.aarch64.rpm
libvirt-client-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-config-network-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-config-nwfilter-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-interface-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-lxc-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-network-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-nodedev-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-nwfilter-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-qemu-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-secret-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-core-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-disk-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-gluster-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-logical-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-mpath-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-rbd-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-driver-storage-scsi-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-kvm-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-qemu-5.7.0-38.el7.aarch64.rpm
libvirt-devel-5.7.0-38.el7.aarch64.rpm
libvirt-docs-5.7.0-38.el7.aarch64.rpm
libvirt-libs-5.7.0-38.el7.aarch64.rpm
libvirt-admin-5.7.0-38.el7.aarch64.rpm
libvirt-daemon-lxc-5.7.0-38.el7.aarch64.rpm
libvirt-lock-sanlock-5.7.0-38.el7.aarch64.rpm
libvirt-login-shell-5.7.0-38.el7.aarch64.rpm
libvirt-nss-5.7.0-38.el7.aarch64.rpm
python2-libvirt-5.7.0-38.el7.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/libvirt-5.7.0-38.el7.src.rpm
https://oss.oracle.com:443/ol7/SRPMS-updates/libvirt-python-5.7.0-38.el7.src.rpm

Related CVEs:

CVE-2021-3631

Description of changes:

libvirt
[5.7.0-38.el7]
- qemu: Don't report spurious errors from vCPU tid validation on hotunplug timeout (Shaleen Bathla) [Orabug: 34826758]
- security: fix SELinux label generation logic (Daniel P. Berrangé) [Orabug: 34773029] {CVE-2021-3631}
- spec: Require iproute-tc dependency for OL7 also (Shaleen Bathla) [Orabug: 34724925]
- qemu: Set default qdisc before setting bandwidth (Michal Prívozník) [Orabug: 34724925]
- qemu: Taint cpu host-passthrough only after migration (Cole Robinson) [Orabug: 34724925]

libvirt-python
[5.7.0-38.el7]
- Bump version number to 5.7.0-38 to match libvirt. (Wim ten Have)

The Oracle Linux Advisory ELSA-2022-10062 highlights significant updates to libvirt that rectify various security vulnerabilities. Check it out for further information!

Keywords: Oracle Linux Security, libvirt Update, SELinux Fix, Important Security Update.

Severity: Critical.

LinuxSecurity.com Team

Dec 06, 2022 Critical Oracle

Mageia 6: MGASA-2019-0138 Moderate: libvirt NULL Pointer Dereference

MGASA-2019-0138 - Updated libvirt packages fix security vulnerability

Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0138.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-3840

NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. (CVE-2019-3840)

References:
- https://bugs.mageia.org/show_bug.cgi?id=24528
- https://ubuntu.com/security/notices/USN-3909-1
- https://www.cve.org/CVERecord?id=CVE-2019-3840

SRPMS:
- 6/core/libvirt-3.10.0-1.5.mga6

MGASA-2020-0456: Enhanced gcc packages resolve a severe buffer overflow vulnerability impacting Mageia.

Keywords: libvirt security update, Mageia security advisory, qemuAgentCommand fix, denial of service.

LinuxSecurity.com Team

Apr 10, 2019 Mageia

Red Hat: RHSA-2018-3400 Important: Libvirt Cache Side-Channel Threat

====================================================================
Red Hat Security Advisory

Synopsis: Important: libvirt security update
Advisory ID: RHSA-2018:3400-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3400
Issue date: 2018-10-30
CVE Names: CVE-2018-3639
====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.9.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.9.i686.rpm
libvirt-client-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.9.i686.rpm
libvirt-devel-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.9.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.9.i686.rpm
libvirt-client-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.9.i686.rpm
libvirt-devel-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.

Critical security patch released for libvirt affects CentOS, mitigating possible vulnerabilities linked to memory side-channel attacks.

Keywords: libvirt update, Red Hat security, Linux updates, security advisory, speculative execution.

Severity: Important.

LinuxSecurity.com Team

Oct 30, 2018 Important Red Hat

Red Hat Enterprise Linux 7.3: Critical Cache Side-Channel RHSA-2018:3398-01

====================================================================
Red Hat Security Advisory

Synopsis: Important: libvirt security update
Advisory ID: RHSA-2018:3398-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3398
Issue date: 2018-10-30
CVE Names: CVE-2018-3639
====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.13.src.rpm

x86_64:
libvirt-client-2.0.0-10.el7_3.13.i686.rpm
libvirt-client-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
libvirt-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-kvm-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-devel-2.0.0-10.el7_3.13.i686.rpm
libvirt-devel-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-docs-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-nss-2.0.0-10.el7_3.13.i686.rpm
libvirt-nss-2.0.0-10.el7_3.13.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.13.src.rpm

ppc64:
libvirt-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-client-2.0.0-10.el7_3.13.ppc.rpm
libvirt-client-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-devel-2.0.0-10.el7_3.13.ppc.rpm
libvirt-devel-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-docs-2.0.0-10.el7_3.13.ppc64.rpm

ppc64le:
libvirt-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-client-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-devel-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-docs-2.0.0-10.el7_3.13.ppc64le.rpm

s390x:
libvirt-2.0.0-10.el7_3.13.s390x.rpm
libvirt-client-2.0.0-10.el7_3.13.s390.rpm
libvirt-client-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.s390x.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.s390x.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.s390.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.s390x.rpm
libvirt-devel-2.0.0-10.el7_3.13.s390.rpm
libvirt-devel-2.0.0-10.el7_3.13.s390x.rpm
libvirt-docs-2.0.0-10.el7_3.13.s390x.rpm

x86_64:
libvirt-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-client-2.0.0-10.el7_3.13.i686.rpm
libvirt-client-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-kvm-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-devel-2.0.0-10.el7_3.13.i686.rpm
libvirt-devel-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-docs-2.0.0-10.el7_3.13.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
libvirt-daemon-lxc-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-nss-2.0.0-10.el7_3.13.ppc.rpm
libvirt-nss-2.0.0-10.el7_3.13.ppc64.rpm

ppc64le:
libvirt-daemon-kvm-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-daemon-lxc-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.ppc64le.rpm
libvirt-nss-2.0.0-10.el7_3.13.ppc64le.rpm

s390x:
libvirt-daemon-lxc-2.0.0-10.el7_3.13.s390x.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.s390.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.s390x.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.s390x.rpm
libvirt-nss-2.0.0-10.el7_3.13.s390.rpm
libvirt-nss-2.0.0-10.el7_3.13.s390x.rpm

x86_64:
libvirt-daemon-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-nss-2.0.0-10.el7_3.13.i686.rpm
libvirt-nss-2.0.0-10.el7_3.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.

A significant security patch for libvirt in CentOS addresses a severe cache side-channel vulnerability.

Keywords: Libvirt Update, Red Hat Security, Linux Server Update, Virtualization Security, Cache Side-Channel Attack.

Severity: Important.

LinuxSecurity.com Team

Oct 30, 2018 Important Red Hat

SUSE Linux 12-SP3: SUSE-SU-2018:0920-1 Important: Denial Of Service

An update that solves three vulnerabilities and has 7 fixes is now available.. SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0920-1 Rating: important References: #1054986 #1067018 #1070615 #1079869 #1080042 #1082041 #1082161 #1083625 #1085757 #1086038 Cross-References: CVE-2017-5715 CVE-2018-1064 CVE-2018-6764 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt: - bsc#1070615: Fixed TPM device passthrough failure on kernels > = 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager: - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-618=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-618=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-618=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.19.2 libvirt-devel-3.3.0-5.19.2
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.19.2 libvirt-admin-3.3.0-5.19.2 libvirt-admin-debuginfo-3.3.0-5.19.2 libvirt-client-3.3.0-5.19.2 libvirt-client-debuginfo-3.3.0-5.19.2 libvirt-daemon-3.3.0-5.19.2 libvirt-daemon-config-network-3.3.0-5.19.2 libvirt-daemon-config-nwfilter-3.3.0-5.19.2 libvirt-daemon-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-interface-3.3.0-5.19.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-lxc-3.3.0-5.19.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-network-3.3.0-5.19.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-qemu-3.3.0-5.19.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-secret-3.3.0-5.19.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-3.3.0-5.19.2
libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-lxc-3.3.0-5.19.2 libvirt-daemon-qemu-3.3.0-5.19.2 libvirt-debugsource-3.3.0-5.19.2 libvirt-doc-3.3.0-5.19.2 libvirt-libs-3.3.0-5.19.2 libvirt-libs-debuginfo-3.3.0-5.19.2 libvirt-lock-sanlock-3.3.0-5.19.2 libvirt-lock-sanlock-debuginfo-3.3.0-5.19.2 libvirt-nss-3.3.0-5.19.2 libvirt-nss-debuginfo-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.19.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.19.2 libvirt-daemon-hooks-3.3.0-5.19.2 libvirt-daemon-xen-3.3.0-5.19.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): virt-install-1.4.1-5.8.1 virt-manager-1.4.1-5.8.1 virt-manager-common-1.4.1-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): virt-install-1.4.1-5.8.1 virt-manager-1.4.1-5.8.1 virt-manager-common-1.4.1-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.19.2 libvirt-admin-3.3.0-5.19.2 libvirt-admin-debuginfo-3.3.0-5.19.2 libvirt-client-3.3.0-5.19.2 libvirt-client-debuginfo-3.3.0-5.19.2 libvirt-daemon-3.3.0-5.19.2 libvirt-daemon-config-network-3.3.0-5.19.2 libvirt-daemon-config-nwfilter-3.3.0-5.19.2 libvirt-daemon-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-interface-3.3.0-5.19.2 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-libxl-3.3.0-5.19.2 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-lxc-3.3.0-5.19.2 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-network-3.3.0-5.19.2 libvirt-daemon-driver-network-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nodedev-3.3.0-5.19.2 
libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-3.3.0-5.19.2 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-qemu-3.3.0-5.19.2 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-secret-3.3.0-5.19.2 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-3.3.0-5.19.2 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-3.3.0-5.19.2 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-3.3.0-5.19.2 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-3.3.0-5.19.2 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-3.3.0-5.19.2 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-3.3.0-5.19.2 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.19.2 libvirt-daemon-lxc-3.3.0-5.19.2 libvirt-daemon-qemu-3.3.0-5.19.2 libvirt-daemon-xen-3.3.0-5.19.2 libvirt-debugsource-3.3.0-5.19.2 libvirt-doc-3.3.0-5.19.2 libvirt-libs-3.3.0-5.19.2 libvirt-libs-debuginfo-3.3.0-5.19.2 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1064.html https://www.suse.com/security/cve/CVE-2018-6764.html https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1067018 https://bugzilla.suse.com/1070615 https://bugzilla.suse.com/1079869 https://bugzilla.suse.com/1080042 https://bugzilla.suse.com/1082041 https://bugzilla.suse.com/1082161 https://bugzilla.suse.com/1083625 https://bugzilla.suse.com/1085757 https://bugzilla.suse.com/1086038 -- . 
An important security notification for libvirt highlights various vulnerabilities and outlines essential patches for SUSE Linux installations. libvirt Update, SUSE Linux Security, Executable Code Injection, Denial Of Service, Speculative Side Channel. Severity: Important. LinuxSecurity.com Team

Apr 11, 2018 Important SuSE

Red Hat 7 RHSA-2015:0323 Low: Libvirt Security Update and Enhancements

Red Hat Security Advisory

Synopsis: Low: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2015:0323-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0323.html
Issue date: 2015-03-05
CVE Names: CVE-2014-8136 CVE-2015-0236

1. Summary:

Updated libvirt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136)

It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236)

The CVE-2015-0236 issue was found by Luyao Huang of Red Hat.

Bug fixes:

* The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged "Unable to lookup SELinux process context" error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155)

* The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080)

* Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the "virsh setmaxmem" command failed when attempting to set the maximum memory to be lower than the current memory. Now, "virsh setmaxmem" sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132)

* Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864)

* If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by setting a longer wait time for snooping the guest IP address. (BZ#1075543)

Enhancements:

* A new "migrate_host" option is now available in /etc/libvirt/qemu.conf, which allows users to set a custom IP address to be used for incoming migrations. (BZ#1087671)

* With this update, libvirt is able to create a compressed memory-only crash dump of a QEMU domain. This type of crash dump is directly readable by the GNU Debugger and requires significantly less hard disk space than the standard crash dump. (BZ#1035158)

* Support for reporting the NUMA node distance of the host has been added to libvirt. This enhances the current libvirt capabilities for reporting NUMA topology of the host, and allows for easier optimization of new domains. (BZ#1086331)

* The XML file of guest and host capabilities generated by the "virsh capabilities" command has been enhanced to list the following information, where relevant: the interface speed and link status of the host, the PCI Express (PCIe) details, the host's hardware support for I/O virtualization, and a report on the huge memory pages. (BZ#1076960, BZ#1076957, BZ#1076959, BZ#1076962)

These packages also include a number of other bug fixes and enhancements. For additional details, see the "Bugs Fixed" section below.

4. Solution:

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the updated packages, libvirtd will be restarted automatically.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

706887 - [TestOnly] qemu truncates JSON numbers >= 0x8000_0000_0000_0000
765733 - Error reporting when qemu terminates unexpectedly is inconsistent and sometimes unhelpful
823535 - Libvirt is sensitive to the order in which the video devices are passed
872628 - List available LXC consoles using container_ttys env variable
874418 - clear the error message when dump a guest with pass-through device
876829 - create external checkpoint snapshot will change the guest pmsuspended state and guest hang forever
877244 - Virsh command will delay a long time if restart libvirtd with many virtual networks running
878394 - virsh iface-dumpxml or virt-manager reports "bond interface misses the bond element" for inactive bond interfaces
880483 - Guest can use inactive macvtap-passthrough network
921094 - Missing auditing for serial, parallel, channel, console and smartcard devices
924853 - blockcopy to cifs fails
956506 - virsh snapshot-delete --children-only bypasses safety check for deleting disk-only children
957293 - support libiscsi for SCSI passthrough devices
963817 - Stable SCSI host addressing
964177 - virConnectDomainEventRTCChangeCallback returns wrong offset
967493 - Lockfailure action Ignore will lead to sanlock rem_lockspace stuck
967494 - Lockfailure action Restart can shutdown the guest but fail to start it
972964 - WWN option for Hot Attaching SCSI Disks
983350 - The running Guest was paused while cancel the migration on the third machine
985782 - Some flag values of method are missing in libvirt-python bindings
985980 - virsh vcpuinfo output is difficult to read with large cpu counts
990418 - Provide option to enable/disable 64-bit PCI hole
991290 - Fail to modify the name attribute of ipv6 dhcp host via virsh net-update
992980 - Separate limits for anonymous and authenticated users
994731 - Documentation for virDomainLookupBy* should mention caller's responsibility to free virDomainPtr
995377 - Domain without autostart can't be resumed by the libvirt-guests script after rebooting the host
997802 - domdisplay should show all URI if config both vnc and spice in guest
999926 - Policy denies libvirtd the permission to relabel unix domain sockets
1006700 - need add "interface" to virt-xml-validate manual page
1007698 - The cpu_shares value of domain xml should be consistent with return value of schedinfo.
1007759 - libvirt should forbid to attach a device with boot order for the first time if the os/boot element exists
1021703 - [RFE] Support for qemu-kvm's "-boot splash_time" parameter
1022874 - In man page of virsh, a typo 'COMMMANDS' displays three times
1023366 - [virsh cmd] Error message is not clear for commands blkiotune and schedinfo
1025407 - autoport='yes' doesn't skip over ports in use with IPv6
1027076 - Fail to start lxc with disabled selinux due to the existed empty /selinux
1029266 - Error message is not clear for command nwfilter-define under non-root user.
1029732 - Libvirt can not update/modify queues value of interface element using update-device command
1032363 - document need to pass image name for block backed disks with --disk-only
1033398 - Nodedev-destroy commands both doc and error message when destroy HBA are not clear
1033704 - domain xml: libvirt should take defaultMode value into account when discarding entries
1035128 - Stable guest ABI doesn't check redirected usb device
1035966 - Start autostarted virtual networks in background
1041569 - [NFR] libvirt: Returning the allocation watermark for all the images opened for writing during block-commit
1043735 - virsh command domiftune bound parameter checking error
1046192 - Can't set the timer base as localtime once localtime is used in the variable attribute.
1047818 - VFs can not be listed by net-dumpxml directly after starting the hostdev network
1052114 - guest fail to start with permission denied error when with gluster volume
1056902 - virsh attach-interface/detach-interface mishandles inactive configuration on device hot(un)plug commands
1062142 - live snapshot merge (commit) of the activelayer
1064770 - Fail to update floor attribute of QoS using updateDeviceFlags
1066280 - Fail to restore guest from the save file while set the static selinux lable for the guest and set the relabel='no' in the guest's xml
1066894 - Implement for libvirt guest's xml for security label
1067338 - Mem leak while start a guest with a character followed
1069784 - block commit/pull support for disks using libgfapi volumes
1070680 - cpu-stats boundary value problem
1071095 - Libvirt report incorrect error message when parsing invalid value of CTRL_IP_LEARNING in nwfilter
1072141 - "pool-list --type gluster" list other types pool
1072292 - Libvirt report incorrect message when starting domain with nwfilter whose chain priority is greater than its filter rule priority
1072653 - vol-upload should change the volume target format type after uploading a different format file to it
1072677 - Incorrect error message when hot-plugging interface with an inexistence nwfilter
1073368 - [libvirt] can create live snapshot of passthrough device (iSCSI LUN or block device)
1075290 - gluster option is not showed in virsh --version=long
1075299 - Failed to get the vol-name by giving volume path in gluster pool.
1075543 - Libvirt does not terminate when DHCP snooping is being used
1076098 - [RFE] allow setting video ram size (vgamem_mb) for qemu vga cards.
1076725 - libvirt: Multi-node NUMA policy assignment
1076957 - Expose huge pages information through libvirt API
1076959 - Expose host hardware support for I/O virtualization via libvirt API
1076960 - Expose interface speed and link information via API
1076962 - Expose PCIe BW and lane information through API
1076989 - Enable complex memory requirements for virtual machines
1077009 - It shouldn't be permitted to change the uuid of a nwfilter
1077572 - Python setInterfaceParameters function is broken
1078590 - use of tls with libvirt.so can leave zombie processes
1079162 - The guest will be destroyed abnormally while revert the guest's snapshot which took in "pmsuspended" status
1079173 - libvirt can not do vol-download for gluster pool volume
1080859 - [Snapshot Doc] In snapshot-create-as manual page, supported snapshot type should be no, internal and external
1081461 - Dropped guest network connection during migration (before it finished)
1081881 - Fail to start guest with 2 displays mixed with port allocated automatically and fixed port.
1081932 - the return value of API virNodeDevice.listCaps() is not correct
1082124 - RHEL7 libvirt vs older qemu: unable to execute QEMU command 'qom-get': The command qom-get has not been found
1082521 - The sg disk is not really shared within 2 guests
1083345 - The --memspec parameters "snapshot=no" doesn't work when creating internal disk snapshot
1084360 - [doc] Document behavior of --reuse-external (VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT)
1085706 - virsh numatune should forbid to accept int as parameter values
1085769 - [Stroage][vol-clone] Volume was cloned successfully when passing an non-existing pool
1086121 - Improve the error message when failed to restore a guest with a not availabe disk with startupPolicy='optional'
1086704 - Don't allow aio=native without cache=none
1087104 - [Storage][vol-download] virsh cmd vol-download works with option offset and length by passing a negative integer
1088667 - [storage] some volume related virsh commands work when the passed volume is not one volume of the passed pool
1088787 - Libvirt should clean up socket file on destroyed domain with UNIX character device
1088864 - nwfilter deadlock
1088901 - Fail to do external disk-only snapshot when guest use FC storage
1089179 - The error is inaccurate when create snapshot with memspec snapshot=external and diskspec snapshot=no
1091866 - volume is disappered after vol-wipe with logical type pool
1092253 - Improve the error message when blockpull with a wrong base path
1092363 - [RHEL7] Virsh cmd maxvcpus returns 255 for kvm type, but the maximum number of vcpus supported by kvm is 160.
1093127 - RFE: report NUMA node locality for PCI devices
1095035 - [RHEL7][Storage]The "lazy_refcounts" feature was missing in the xml printed by vol-dumpxml for a qcow3 disk in a native gluster pool
1095636 - SELinux prevent qemu from attaching tuntap queues
1097028 - Don't fail starting domain without cpu, cpuset and cpuacct cgroups controllers
1097503 - guest will be paused and can't resume when do external system checkpoint snapshot with wrong compression format
1097677 - libvirt loses track of hotplugged vcpus after daemon restart
1097968 - libvirt-python API baselineCPU doesn't generate exception
1098659 - libvirt binds only to ipv6
1099978 - Maintain relative path to backing file image during live merge (block-commit)
1100769 - blkiotune weight range should be (10, 1000)
1101059 - virsh vcpupin need accurate error message when --vcpu argument is negative
1101510 - no need to require iptables-ipv6
1101731 - Rebase libvirt to current upstream release
1101987 - Libvirt should report error when try to revert guest to external system checkpoint snapshot
1101999 - virt-xml-validate should pass when netfs pool xml with glusterfs backend
1102611 - The running guest will disappear while change the security_driver from "none" to "selinux"
1103245 - libvirt reset rtc interrupt backlog after guest-set-time
1104992 - Guest fail to start while disks use same no-exist source file even though with startupPolicy='optional'
1104993 - Garbage characters show in the output of pool-name with no-exist pool UUID
1105939 - Fail to start guest while disable the default security labeling
1108593 - Libvirtd will crash while start a guest which DAC's seclabel type='none' in guest's xml
1110198 - domblkinfo doesn't work when guest use glusterfs as source
1110212 - The error info is not correct when do blockcommit with --base and --top point to same source
1110673 - typo errors in man page VIRSH(1)
1111044 - capabilities mode hostdev shouldn't be added in KVM
1112939 - libvirt should prompt more readable error message while ide/sata bus disk do not support readonly
1113116 - [RFE] add API to query the stats of multiple VMs at once
1113332 - python bindings for graphics event have wrong value for address type
1113668 - libvirt failed to start a domain with unix+guestfwd channel
1113861 - The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml.
1113868 - domxml-to-native fails for spice graphics with autoport='yes' when spice_tls is disabled
1115898 - [RFE] Add events for cputune and iotune change
1118710 - The error info is not accurate when do vol-wipe with volume based on gluster pool
1119206 - RFE: Multiple virtio-rng devices support
1119215 - Generate the redundant record in guest's xml while configure the same listen address in guest's xm
1119387 - The default behavor of abort block job with pivot flag isn't sync
1119592 - libvirt will report error after use pool-build in Non-root mode(qemu:///session)
1119784 - QMP: extend block events with error information
1121837 - numatune can use nodeset 0,^0 but can't edit xml like this
1121955 - virsh command takes long time to finish after set "log_level = 1" only
1122255 - 'virsh desc $dom blah' doesn't survive libvirtd restart
1122455 - libvirt should refuse to start domain with unsupported/useless min-guarantee element in qemu driver
1122973 - missing pci address for vga devices
1126329 - Libvirt should forbid using relative path to the new overaly snapshot image for external snapshots
1126721 - [Doc] Attribute name vlan-id should be vlanid in nwfilter xml docs
1126909 - Wrong block job type reported for active layer commit
1126991 - [libvirt] expose ivshmem
1128097 - Can't use domiftune --inbound 0 or --outbound 0 to clear inbound or outbound settings for a shut off guest
1128751 - isn't always formated as it should be
1129207 - libvirtd will crash after do managedsave the same guest in the same time
1129372 - Failed to start domain with specified cputune after decreasing vcpu number
1129998 - numatune --mode can't work well
1130089 - Possible deadlock when the domain is destroyed on destination during migration
1130379 - [Doc]no manual about metadata command in virsh manual
1131306 - number range should be checked for the 4 new options of blkiotune
1131445 - Could not show process info for migration at once.
1131788 - blkdeviotune should can be used in session mode
1131811 - The iotune element will disappear from the guest's xml while set an invalid value
1131819 - Libvirtd crash while set blkdeviotune with the hotplug disk and specify the --config option
1131876 - The range for blkdeviotune was different in guest's xml and virsh command line
1131897 - virDomainSetMemoryFlags doesn't process flag VIR_DOMAIN_MEM_MAXIMUM for LXC
1132301 - Error msg is not right for option -k and -K against virsh command
1132305 - option -k and -K should point out range of reasonable values against virsh command
1132347 - Libvirt crash after defining/editing macvtap network pool with elements
1134154 - snapshot's race condition
1134454 - pkg-config --libs contains cflags
1135169 - blockcopy job was cancel by "CTRL+C" while it show there still be one block job in background
1135339 - active commit will be cancelled by another commit
1135396 - Honor hugepage settings on UMA guest
1135431 - libvirt should pass "-enable-fips" to QEMU
1135955 - The usage for migrate's option --auto-converge missed in virsh man page
1136736 - Failed to remove libvirt-daemon-1.2.8-1.el7.x86_64 package
1138221 - Fail to managedsave while configure in the guest's xml
1138231 - Report better error when backing chain detection fails
1138487 - one of guest will be shut off when restart libvirtd while disable the default security labeling
1138545 - guest NUMA cannot start when automatic NUMA placement
1139567 - virsh cmd will hang when remove blockcopy file
1140085 - guest interface which use existing bridge source bridge will disappear after libvirtd restart
1140981 - Libvirt should post more accurate error when do blockpull with qemu-kvm
1140984 - sub-element in ... change after create external disk snapshot
1141209 - Back port selected upstream Coverity resolutions since 1.2.8
1141621 - libvirtd will crashed after hot-plug a virtual NIC to a guest which use qemu-attach connect to libvirtd
1141732 - wrong QMP argument 'id' when detaching iscsi hostdev
1141943 - libvirtd crash when defining scsi storage pool
1142294 - libvirt should report error when failed to use domtime to set a guest time
1142693 - [RFE] Add a qemu resume hook that is able to preprocess the domain XML
1142722 - libvirtd dead while destroy one guest with block disk
1143780 - Deadlock on nwfilter when taking same concurrent jobs
1143955 - libvirtd crashed after running "virsh metadata --remove" command
1144303 - memory leak when starting a domain with cpu mode='host-model'
1144920 - libvirtd crashed after use qemu-monitor-event --regex to a running guest
1144922 - wrong backingStore info after blockpull and destroy/start guest
1145048 - freepages argument has wrong unit and range
1145050 - API virNodeGetFreePages need report specific error when node out of range
1146511 - Updating blkdeviotune for live domain doesn't survive restarting the libvirtd
1146550 - USB Redirection no longer works: Permission Denied
1146837 - Libvirtd crash when defining scsi pool with 'scsi_host' type adapter and parentaddr attribute
1147331 - [migration] Tunnelled migration failed
1147494 - libvirtd crashes when starting a domain with 0 cpu shares
1147584 - save/managedsave doesn't work with host-passthrough
1150322 - libvirt should recognize __com.redhat_change-backing-file for relative path preservation
1150505 - Domain is out of control from libvirt when running some concurrent define/undefine/start/destroy jobs rapidly
1151718 - Permission denied when create external snapshot for guest whose source file based on nfs
1151885 - libvirtd loses track of a running restored guest with host-passthrough cpu
1152382 - [NPIV] The volume in scsi pool appears only after refreshing pool
1155410 - An LXC domain without console dies soon after start
1155441 - forbid NIC offloads change on the fly using update-device
1155458 - libvirt can not save mode='client' of vhostuser interface to domain xml
1156288 - libvirtd crashed on disk snapshot with rdma glusterfs image
1156367 - network using host bridge gets a MAC on libvirt update
1158715 - A memory error report when use domstats
1159227 - lxc domain startup is slow
1159245 - repeated migration with NBD fails
1160084 - domfsfreeze and domfsthaw cannot work well when guest restart
1160212 - libvirt doesn't stop the NBD server after migration
1160565 - Libvirt should check if the parent defined in xml matches the wwn of vHBA when starting pool
1160926 - Destroying 'fc_host' pool the HBA is NOT destroyed when not using 'parent' attribute
1161024 - libvirtd crashes after device hot-unplug crashes qemu
1161124 - small memory leak in migration
1161358 - [ACL] polkit: wrong attribute name 'interface_mac' for network interface in the documentation
1161540 - kvm_init_vcpu failed for cpu hot-plugging in NUMA
1162097 - crash after attempted spice channel hotplug
1162208 - libvirtd occasionally crashes at the end of migration
1162915 - net-event should not report unsuccessful event
1162974 - external disk snapshot with fault glusterfs snapshot xml crash libvirtd
1163463 - use after free in callers of virNetDevLinkDump
1163953 - No way to turn off rdma-pin-all once it was turned on
1164528 - VM with a storage volume that contains a RBD volume in the backing chain fails to start
1166592 - Failed to create logical volume with specified xml
1167145 - networkMigrateStateFiles function does not work on xfs file system due to using unsupported t_type field
1167883 - Report job type in virDomainGetJobInfo
1168866 - "libvirtError: Unable to write to '/sys/fs/cgroup/cpuset/machine.slice/machine-qemux2dinstancex2d00000002.scope/cpuset.mems': Device or resource busy"
1169409 - Libvirt will crash with segfault if you try to set non-existing nwfilter to network interface for live guest
1170484 - guest can not start when setting " vcpu placement='auto' "
1174053 - libvirtd crash when try to cold plug a network iscsi hostdev which guest already have a iscsi hostdev
1174090 - extra space will be added to xml when update a network
1174859 - missing support for -spice disable-agent-file-xfer qemu commandline option
1175234 - virDomainGetSchedulerParameters() fails with Unable to read from '/sys/fs/cgroup/cpu,cpuacct/machine.slice/machine-qemux2dMic2.scope/cpu.shares': No such file or directory
1175397 - memdev= option is not supported on rhel6 machine-types
1175668 - Attach a usb disk to guest failed.
1175709 - Unable to start guest with hugepages and strict numa pinning
1176176 - CVE-2014-8136 libvirt: local denial of service in qemu/qemu_driver.c
1177194 - Fail to Migrate with Bridged network, eth + macvtap ,with different interface name on two hosts
1180136 - Memory leak when parsing invalid network XML
1180574 - migration rhel7.1 -> rhel7.0 wont work if you set "ram" < 2*"vgamem" for QXL device
1181052 - update default vgamem size from 8 MiB to 16 MiB
1181157 - libvirtError: argument unsupported: QEMU driver does not support element
1181408 - Libvirtd crash while hotplug the guest agent without target type for many times
1182448 - cpu features are not formatted in XML for host-model
1182486 - libvirtd crashed when updating a IPv6 and a IPv4 into a IPv4 element
1184431 - CVE-2015-0236 libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects

6.
Package List: Red Hat Enterprise Linux Client (v.7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libvirt-1.2.8-16.el7.src.rpm ppc64: libvirt-1.2.8-16.el7.ppc64.rpm libvirt-client-1.2.8-16.el7.ppc.rpm libvirt-client-1.2.8-16.el7.ppc64.rpm libvirt-daemon-1.2.8-16.el7.ppc64.rpm libvirt-daemon-config-network-1.2.8-16.el7.ppc64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.ppc64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.ppc64.rpm 
libvirt-debuginfo-1.2.8-16.el7.ppc.rpm libvirt-debuginfo-1.2.8-16.el7.ppc64.rpm libvirt-devel-1.2.8-16.el7.ppc.rpm libvirt-devel-1.2.8-16.el7.ppc64.rpm libvirt-docs-1.2.8-16.el7.ppc64.rpm s390x: libvirt-1.2.8-16.el7.s390x.rpm libvirt-client-1.2.8-16.el7.s390.rpm libvirt-client-1.2.8-16.el7.s390x.rpm libvirt-daemon-1.2.8-16.el7.s390x.rpm libvirt-daemon-config-network-1.2.8-16.el7.s390x.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-network-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.s390x.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.s390x.rpm libvirt-debuginfo-1.2.8-16.el7.s390.rpm libvirt-debuginfo-1.2.8-16.el7.s390x.rpm libvirt-devel-1.2.8-16.el7.s390.rpm libvirt-devel-1.2.8-16.el7.s390x.rpm libvirt-docs-1.2.8-16.el7.s390x.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: libvirt-daemon-lxc-1.2.8-16.el7.ppc64.rpm libvirt-debuginfo-1.2.8-16.el7.ppc64.rpm libvirt-lock-sanlock-1.2.8-16.el7.ppc64.rpm libvirt-login-shell-1.2.8-16.el7.ppc64.rpm s390x: libvirt-daemon-lxc-1.2.8-16.el7.s390x.rpm libvirt-debuginfo-1.2.8-16.el7.s390x.rpm libvirt-login-shell-1.2.8-16.el7.s390x.rpm x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: libvirt-1.2.8-16.el7.src.rpm x86_64: libvirt-1.2.8-16.el7.x86_64.rpm libvirt-client-1.2.8-16.el7.i686.rpm libvirt-client-1.2.8-16.el7.x86_64.rpm libvirt-daemon-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-config-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-lxc-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-network-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64.rpm libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64.rpm libvirt-daemon-kvm-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.i686.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-devel-1.2.8-16.el7.i686.rpm libvirt-devel-1.2.8-16.el7.x86_64.rpm libvirt-docs-1.2.8-16.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libvirt-daemon-lxc-1.2.8-16.el7.x86_64.rpm libvirt-debuginfo-1.2.8-16.el7.x86_64.rpm libvirt-lock-sanlock-1.2.8-16.el7.x86_64.rpm libvirt-login-shell-1.2.8-16.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-8136
https://access.redhat.com/security/cve/CVE-2015-0236
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

Red Hat issues a series of updates for libvirt that tackles a pair of security vulnerabilities, incorporates numerous bug resolutions, and boosts overall security features. Libvirt Update, Red Hat Security, Low Impact Issues. Severity: Low. LinuxSecurity.com Team

Mar 05, 2015 Low Red Hat

Scientific Linux 6: SLSA-2014:1873-1 Moderate: libvirt DoS and Leak

Moderate: libvirt security and bug fix update.

Date: Tue, 18 Nov 2014 09:12:39 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to x86_64:

Date: Tue, 18 Nov 2014 09:50:26 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to i386:

Date: Tue, 18 Nov 2014 20:33:44 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA
Moderate: libvirt on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: libvirt security and bug fix update
Advisory ID: SLSA-2014:1873-1
Issue Date: 2014-11-18
CVE Numbers: CVE-2014-3633 CVE-2014-3657 CVE-2014-7823
--

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657)

It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. (CVE-2014-7823)

This update also fixes the following bug:

When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected.

After installing the updated packages, libvirtd will be restarted automatically.
--

SL6

x86_64:
libvirt-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.2.i686.rpm
libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.2.i686.rpm
libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm

i386:
libvirt-0.10.2-46.el6_6.2.i686.rpm
libvirt-client-0.10.2-46.el6_6.2.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm
libvirt-python-0.10.2-46.el6_6.2.i686.rpm
libvirt-devel-0.10.2-46.el6_6.2.i686.rpm

- Scientific Linux Development Team

Details on the libvirt moderate security update for Scientific Linux, addressing critical issues with quick fixes. libvirt security, Scientific Linux updates, Denial of Service fix. LinuxSecurity.com Team

Nov 18, 2014 Scientific Linux