Oval Definition:oval:com.redhat.rhsa:def:20182006
Revision Date:2018-06-26Version:602
Title:RHSA-2018:2006: libvirt security and bug fix update (Important)
Description:The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

    Note: This is the libvirt side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD CPUs.

    Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

    Bug Fix(es):

  • The "virsh capabilities" command previously displayed an inaccurate number of 4 KiB memory pages on systems with very large amounts of memory. This update optimizes the memory diagnostic mechanism to ensure memory page numbers are displayed correctly on such systems. (BZ#1582416)

  • After starting a large amount of guest virtual machines in a single session, the libvirtd service in some cases became unable to start any other guests until it was restarted. This update ensures that libvirtd properly frees memory used for D-Bus replies, which prevents the described problem from occurring. (BZ#1588390)
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-3639
    RHSA-2018:2006-00
    RHSA-2018:2006-01
    Platform(s):Red Hat Enterprise Linux 7.4 Extended Update Support
    Product(s):
    Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND Package Information
  • libvirt is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-admin is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-admin is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-client is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-client is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-config-network is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-config-nwfilter is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-interface is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-lxc is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-network is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-nodedev is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-nwfilter is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-qemu is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-secret is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-core is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-core is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-disk is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-disk is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-gluster is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-gluster is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-iscsi is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-iscsi is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-logical is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-logical is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-mpath is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-mpath is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-rbd is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-rbd is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-driver-storage-scsi is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-driver-storage-scsi is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-kvm is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-daemon-lxc is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-devel is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-devel is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-docs is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-docs is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-libs is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-libs is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-lock-sanlock is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-login-shell is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-login-shell is signed with Red Hat redhatrelease2 key
  • OR
  • libvirt-nss is earlier than 0:3.2.0-14.el7_4.11
  • AND libvirt-nss is signed with Red Hat redhatrelease2 key
  • BACK