Oval Definition:oval:org.opensuse.security:def:53264
Revision Date:2020-12-01Version:1
Title:Security update for libvirt (Important)
Description:



This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Security issues fixed:

- CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348)

Non security issues fixed:

- delay global firewall setup if no networks are running (bsc#1133229) - add systemd-container dependency to qemu and lxc drivers (bsc#1136109)

Family:unixClass:patch
Status:Reference(s):1013669
1021814
1021817
1021818
1021819
1021820
1021821
1021822
1021823
1021824
1021991
1041783
1042802
1042803
1043088
1044887
1044894
1045719
1045721
1111331
1133229
1134348
1135273
1136109
1140750
907809
947165
950703
950704
950705
950706
951845
954018
954405
956408
956409
956411
956592
956832
960961
961935
963806
980904
CVE-2008-1686
CVE-2009-4012
CVE-2010-2494
CVE-2012-2669
CVE-2012-4559
CVE-2012-4560
CVE-2012-4561
CVE-2012-5468
CVE-2012-5532
CVE-2013-0176
CVE-2013-4326
CVE-2014-0017
CVE-2014-8132
CVE-2014-9130
CVE-2014-9638
CVE-2014-9639
CVE-2014-9640
CVE-2015-3146
CVE-2015-5307
CVE-2015-6749
CVE-2015-7311
CVE-2015-7504
CVE-2015-7835
CVE-2015-7969
CVE-2015-7970
CVE-2015-7971
CVE-2015-7972
CVE-2015-8104
CVE-2015-8339
CVE-2015-8340
CVE-2015-8341
CVE-2015-8345
CVE-2016-0505
CVE-2016-0546
CVE-2016-0596
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0616
CVE-2016-0640
CVE-2016-0641
CVE-2016-0642
CVE-2016-0643
CVE-2016-0644
CVE-2016-0646
CVE-2016-0647
CVE-2016-0648
CVE-2016-0649
CVE-2016-0650
CVE-2016-0651
CVE-2016-0655
CVE-2016-0666
CVE-2016-0668
CVE-2016-0739
CVE-2016-2047
CVE-2016-6354
CVE-2016-7445
CVE-2016-8332
CVE-2016-9112
CVE-2016-9113
CVE-2016-9114
CVE-2016-9115
CVE-2016-9116
CVE-2016-9117
CVE-2016-9118
CVE-2016-9572
CVE-2016-9573
CVE-2016-9580
CVE-2016-9581
CVE-2016-9811
CVE-2017-5373
CVE-2017-5375
CVE-2017-5376
CVE-2017-5378
CVE-2017-5380
CVE-2017-5383
CVE-2017-5386
CVE-2017-5390
CVE-2017-5396
CVE-2017-7375
CVE-2017-7376
CVE-2017-7511
CVE-2017-7515
CVE-2017-9406
CVE-2017-9408
CVE-2017-9775
CVE-2017-9776
CVE-2018-10933
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-10132
CVE-2019-11091
CVE-2019-13314
SUSE-SU-2015:2328-1
SUSE-SU-2016:1619-1
SUSE-SU-2017:0242-1
SUSE-SU-2017:0427-1
SUSE-SU-2017:1999-1
SUSE-SU-2019:1490-1
SUSE-SU-2020:3045-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • bluez-5.48-lp150.3 is installed
  • OR libbluetooth3-5.48-lp150.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • GraphicsMagick-1.3.29-lp151.4.6 is installed
  • OR GraphicsMagick-devel-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick++-Q16-12-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick++-devel-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick-Q16-3-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagick3-config-1.3.29-lp151.4.6 is installed
  • OR libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.6 is installed
  • OR perl-GraphicsMagick-1.3.29-lp151.4.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND icedtea-web-1.4.1-0.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libFLAC++6-1.2.1-68.17 is installed
  • OR libFLAC8-1.2.1-68.17 is installed
  • OR libFLAC8-32bit-1.2.1-68.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • glibc-2.11.3-17.87 is installed
  • OR glibc-32bit-2.11.3-17.87 is installed
  • OR glibc-devel-2.11.3-17.87 is installed
  • OR glibc-devel-32bit-2.11.3-17.87 is installed
  • OR glibc-i18ndata-2.11.3-17.87 is installed
  • OR glibc-locale-2.11.3-17.87 is installed
  • OR glibc-locale-32bit-2.11.3-17.87 is installed
  • OR nscd-2.11.3-17.87 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • xen-4.4.3_06-22.15 is installed
  • OR xen-kmp-default-4.4.3_06_k3.12.48_52.27-22.15 is installed
  • OR xen-libs-4.4.3_06-22.15 is installed
  • OR xen-libs-32bit-4.4.3_06-22.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-45.7.0esr-99 is installed
  • OR MozillaFirefox-translations-45.7.0esr-99 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libthai-data-0.1.25-4 is installed
  • OR libthai0-0.1.25-4 is installed
  • OR libthai0-32bit-0.1.25-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND bogofilter-1.2.4-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libssh4-0.6.3-12.6 is installed
  • OR libssh4-32bit-0.6.3-12.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-8.3 is installed
  • OR libvirt-admin-5.1.0-8.3 is installed
  • OR libvirt-bash-completion-5.1.0-8.3 is installed
  • OR libvirt-client-5.1.0-8.3 is installed
  • OR libvirt-daemon-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-interface-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-libxl-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nodedev-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-secret-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-core-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-disk-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-iscsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-logical-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-mpath-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-rbd-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-scsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-hooks-5.1.0-8.3 is installed
  • OR libvirt-daemon-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-xen-5.1.0-8.3 is installed
  • OR libvirt-devel-5.1.0-8.3 is installed
  • OR libvirt-doc-5.1.0-8.3 is installed
  • OR libvirt-lock-sanlock-5.1.0-8.3 is installed
  • OR libvirt-nss-5.1.0-8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND ipsec-tools-0.8.0-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND shadow-4.1.5.1-19.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND libgc1-7.2d-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • qemu-2.6.2-41.55 is installed
  • OR qemu-block-curl-2.6.2-41.55 is installed
  • OR qemu-block-rbd-2.6.2-41.55 is installed
  • OR qemu-block-ssh-2.6.2-41.55 is installed
  • OR qemu-guest-agent-2.6.2-41.55 is installed
  • OR qemu-ipxe-1.0.0-41.55 is installed
  • OR qemu-kvm-2.6.2-41.55 is installed
  • OR qemu-lang-2.6.2-41.55 is installed
  • OR qemu-seabios-1.9.1-41.55 is installed
  • OR qemu-sgabios-8-41.55 is installed
  • OR qemu-tools-2.6.2-41.55 is installed
  • OR qemu-vgabios-1.9.1-41.55 is installed
  • OR qemu-x86-2.6.2-41.55 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libecpg6-10.5-1.3 is installed
  • OR libpq5-10.5-1.3 is installed
  • OR libpq5-32bit-10.5-1.3 is installed
  • OR postgresql-init-10-17.20 is installed
  • OR postgresql10-10.5-1.3 is installed
  • OR postgresql10-contrib-10.5-1.3 is installed
  • OR postgresql10-docs-10.5-1.3 is installed
  • OR postgresql10-libs-10.5-1.3 is installed
  • OR postgresql10-server-10.5-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_80-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_22-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • ecryptfs-utils-103-7 is installed
  • OR ecryptfs-utils-32bit-103-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • glib2-2.48.2-12.15 is installed
  • OR glib2-lang-2.48.2-12.15 is installed
  • OR glib2-tools-2.48.2-12.15 is installed
  • OR libgio-2_0-0-2.48.2-12.15 is installed
  • OR libgio-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libglib-2_0-0-2.48.2-12.15 is installed
  • OR libglib-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_156-94_57-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_18-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.180-94.107 is installed
  • OR kernel-default-base-4.4.180-94.107 is installed
  • OR kernel-default-devel-4.4.180-94.107 is installed
  • OR kernel-default-kgraft-4.4.180-94.107 is installed
  • OR kernel-default-man-4.4.180-94.107 is installed
  • OR kernel-devel-4.4.180-94.107 is installed
  • OR kernel-macros-4.4.180-94.107 is installed
  • OR kernel-source-4.4.180-94.107 is installed
  • OR kernel-syms-4.4.180-94.107 is installed
  • OR kgraft-patch-4_4_180-94_107-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libsndfile-1.0.25-36.16 is installed
  • OR libsndfile1-1.0.25-36.16 is installed
  • OR libsndfile1-32bit-1.0.25-36.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cron-4.2-58 is installed
  • OR cronie-1.4.11-58 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openstack-ironic-4.2.3~a0~dev14-1 is installed
  • OR openstack-ironic-api-4.2.3~a0~dev14-1 is installed
  • OR openstack-ironic-conductor-4.2.3~a0~dev14-1 is installed
  • OR python-ironic-4.2.3~a0~dev14-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • grafana-4.5.1-1.8 is installed
  • OR kafka-0.10.2.2-5 is installed
  • OR logstash-2.4.1-5 is installed
  • OR monasca-installer-20180608_12.47-9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-urllib3-1.22-5.6 is installed
    • BACK