Oval Definition:oval:org.opensuse.security:def:126066
Revision Date:2019-04-15Version:1
Title:Security update for libvirt (Moderate)
Description:

This update for libvirt fixes the following issues:

Security issue fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595).

Other issues addressed:

- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: Add support for soft reset. (bsc#1081516)
Family:unixClass:patch
Status:Reference(s):1081516
1102604
1112182
1120813
1125665
1126325
1127458
1131595
CVE-2019-3840
CVE-2019-3886
SUSE-SU-2019:0948-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND libvirt-devel-4.0.0-8.9.1 is installed
    • BACK