Oval Definition:oval:org.opensuse.security:def:56769
Revision Date:2020-12-01Version:1
Title:Security update for qemu (Important)
Description:

This update for qemu fixes several issues.

This security issue was fixed:

- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well.

For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature.

spec-ctrl and ssbd support is also required in the host.

This non-security issue was fixed:

- bsc#1070615: Add new look up path 'sys/class/tpm' for tpm cancel path
Family:unixClass:patch
Status:Reference(s):1015348
1015941
1022555
1026636
1027519
1027570
1028235
1028655
1029827
1030144
1030442
1034843
1034844
1034845
1034994
1035483
1045327
1054429
1057950
1070615
1076958
1092885
1111622
1122668
1139959
1145092
1163019
1168140
1168142
1169392
1172906
1172935
1173197
1174543
1174922
1174923
886378
940929
947494
958491
958917
959005
959386
960334
960708
960725
960835
961332
961333
961358
961556
961691
962320
963782
963963
964411
964413
965283
966891
967969
969121
969122
969350
970036
970037
975128
975136
975700
976109
978158
978160
978395
978993
980711
980723
981040
981041
981108
981109
981111
981112
981114
981115
981266
981548
981549
981550
982331
983164
987176
988361
994399
CVE-2008-0928
CVE-2008-1945
CVE-2008-2382
CVE-2008-4539
CVE-2012-2669
CVE-2012-3515
CVE-2012-5532
CVE-2013-4148
CVE-2013-4149
CVE-2013-4150
CVE-2013-4151
CVE-2013-4526
CVE-2013-4527
CVE-2013-4529
CVE-2013-4530
CVE-2013-4531
CVE-2013-4533
CVE-2013-4534
CVE-2013-4535
CVE-2013-4536
CVE-2013-4537
CVE-2013-4538
CVE-2013-4539
CVE-2013-4540
CVE-2013-4541
CVE-2013-4542
CVE-2013-4544
CVE-2013-6399
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0150
CVE-2014-0182
CVE-2014-0222
CVE-2014-0223
CVE-2014-3461
CVE-2014-3640
CVE-2014-7840
CVE-2014-8106
CVE-2015-1779
CVE-2015-3209
CVE-2015-3456
CVE-2015-4037
CVE-2015-5154
CVE-2015-5225
CVE-2015-5278
CVE-2015-5279
CVE-2015-5745
CVE-2015-5745
CVE-2015-6815
CVE-2015-6855
CVE-2015-7295
CVE-2015-7512
CVE-2015-7549
CVE-2015-7549
CVE-2015-8345
CVE-2015-8504
CVE-2015-8504
CVE-2015-8558
CVE-2015-8558
CVE-2015-8567
CVE-2015-8567
CVE-2015-8568
CVE-2015-8568
CVE-2015-8613
CVE-2015-8613
CVE-2015-8619
CVE-2015-8619
CVE-2015-8743
CVE-2015-8743
CVE-2015-8744
CVE-2015-8744
CVE-2015-8745
CVE-2015-8745
CVE-2015-8806
CVE-2015-8817
CVE-2015-8818
CVE-2016-1568
CVE-2016-1568
CVE-2016-1714
CVE-2016-1714
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-1922
CVE-2016-1922
CVE-2016-1981
CVE-2016-1981
CVE-2016-2073
CVE-2016-2197
CVE-2016-2198
CVE-2016-2198
CVE-2016-2538
CVE-2016-2841
CVE-2016-2857
CVE-2016-2858
CVE-2016-3705
CVE-2016-3710
CVE-2016-3710
CVE-2016-3712
CVE-2016-3712
CVE-2016-4001
CVE-2016-4002
CVE-2016-4002
CVE-2016-4020
CVE-2016-4020
CVE-2016-4037
CVE-2016-4439
CVE-2016-4439
CVE-2016-4441
CVE-2016-4441
CVE-2016-4447
CVE-2016-4448
CVE-2016-4449
CVE-2016-4453
CVE-2016-4454
CVE-2016-4483
CVE-2016-4952
CVE-2016-4952
CVE-2016-4964
CVE-2016-5011
CVE-2016-5105
CVE-2016-5106
CVE-2016-5107
CVE-2016-5126
CVE-2016-5238
CVE-2016-5337
CVE-2016-5338
CVE-2016-5403
CVE-2016-6351
CVE-2016-6490
CVE-2016-6833
CVE-2016-6836
CVE-2016-6888
CVE-2016-7116
CVE-2016-7155
CVE-2016-7156
CVE-2016-7157
CVE-2016-9603
CVE-2016-9957
CVE-2016-9958
CVE-2016-9959
CVE-2016-9960
CVE-2016-9961
CVE-2017-1000251
CVE-2017-15107
CVE-2017-15274
CVE-2017-2633
CVE-2017-6414
CVE-2017-6505
CVE-2017-7718
CVE-2017-7980
CVE-2018-18074
CVE-2018-3639
CVE-2019-10208
CVE-2019-13012
CVE-2020-11739
CVE-2020-11740
CVE-2020-11741
CVE-2020-11742
CVE-2020-12673
CVE-2020-12674
CVE-2020-14093
CVE-2020-14154
CVE-2020-14954
CVE-2020-8608
SUSE-SU-2016:1538-1
SUSE-SU-2016:1703-1
SUSE-SU-2016:2764-1
SUSE-SU-2016:3250-1
SUSE-SU-2017:1147-1
SUSE-SU-2017:2797-1
SUSE-SU-2018:1378-1
SUSE-SU-2019:1721-1
SUSE-SU-2019:1824-1
SUSE-SU-2019:2158-1
SUSE-SU-2020:0555-1
SUSE-SU-2020:1794-1
SUSE-SU-2020:2234-1
SUSE-SU-2020:2274-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • alsa-1.1.5-lp150.4 is installed
  • OR libasound2-1.1.5-lp150.4 is installed
  • OR libasound2-32bit-1.1.5-lp150.4 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • containerd-1.2.5-lp151.2.3 is installed
  • OR containerd-ctr-1.2.5-lp151.2.3 is installed
  • OR containerd-test-1.2.5-lp151.2.3 is installed
  • OR docker-18.09.6_ce-lp151.2.3 is installed
  • OR docker-bash-completion-18.09.6_ce-lp151.2.3 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3 is installed
  • OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3 is installed
  • OR docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3 is installed
  • OR docker-test-18.09.6_ce-lp151.2.3 is installed
  • OR docker-zsh-completion-18.09.6_ce-lp151.2.3 is installed
  • OR go-1.12-lp151.2.3 is installed
  • OR go-doc-1.12-lp151.2.3 is installed
  • OR go-race-1.12-lp151.2.3 is installed
  • OR go1.11-1.11.9-lp151.2.3 is installed
  • OR go1.11-doc-1.11.9-lp151.2.3 is installed
  • OR go1.11-race-1.11.9-lp151.2.3 is installed
  • OR go1.12-1.12.4-lp151.2.3 is installed
  • OR go1.12-doc-1.12.4-lp151.2.3 is installed
  • OR go1.12-race-1.12.4-lp151.2.3 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • qemu-2.9.1-6.16 is installed
  • OR qemu-block-curl-2.9.1-6.16 is installed
  • OR qemu-ipxe-1.0.0-6.16 is installed
  • OR qemu-kvm-2.9.1-6.16 is installed
  • OR qemu-seabios-1.10.2-6.16 is installed
  • OR qemu-sgabios-8-6.16 is installed
  • OR qemu-tools-2.9.1-6.16 is installed
  • OR qemu-vgabios-1.10.2-6.16 is installed
  • OR qemu-x86-2.9.1-6.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • qemu-2.3.1-14 is installed
  • OR qemu-block-curl-2.3.1-14 is installed
  • OR qemu-block-rbd-2.3.1-14 is installed
  • OR qemu-guest-agent-2.3.1-14 is installed
  • OR qemu-ipxe-1.0.0-14 is installed
  • OR qemu-kvm-2.3.1-14 is installed
  • OR qemu-lang-2.3.1-14 is installed
  • OR qemu-ppc-2.3.1-14 is installed
  • OR qemu-s390-2.3.1-14 is installed
  • OR qemu-seabios-1.8.1-14 is installed
  • OR qemu-sgabios-8-14 is installed
  • OR qemu-tools-2.3.1-14 is installed
  • OR qemu-vgabios-1.8.1-14 is installed
  • OR qemu-x86-2.3.1-14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_51-default-3-4 is installed
  • OR kgraft-patch-3_12_74-60_64_51-xen-3-4 is installed
  • OR kgraft-patch-SLE12-SP1_Update_18-3-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND hyper-v-7-13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • gpg2-2.0.24-9.3 is installed
  • OR gpg2-lang-2.0.24-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_98-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_26-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_38-default-11-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_13-11-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gv-3.7.4-1 is installed
  • OR wdiff-1.2.1-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • ntp-4.2.8p15-88 is installed
  • OR ntp-doc-4.2.8p15-88 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libshibsp-lite6-2.5.5-6.6 is installed
  • OR libshibsp6-2.5.5-6.6 is installed
  • OR shibboleth-sp-2.5.5-6.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_176-94_88-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_24-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libidn-tools-1.28-5.3 is installed
  • OR libidn11-1.28-5.3 is installed
  • OR libidn11-32bit-1.28-5.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • postgresql94-9.4.24-21.25 is installed
  • OR postgresql94-contrib-9.4.24-21.25 is installed
  • OR postgresql94-docs-9.4.24-21.25 is installed
  • OR postgresql94-plperl-9.4.24-21.25 is installed
  • OR postgresql94-plpython-9.4.24-21.25 is installed
  • OR postgresql94-pltcl-9.4.24-21.25 is installed
  • OR postgresql94-server-9.4.24-21.25 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • dnsmasq-2.78-18.12 is installed
  • OR dnsmasq-utils-2.78-18.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-core-5.0+git.1582968668.1a55c77c5-3.35 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1582968668.1a55c77c5-3.35 is installed
  • OR crowbar-ha-5.0+git.1574286229.e0364c3-3.29 is installed
  • OR crowbar-openstack-5.0+git.1582911795.5081ef1da-4.34 is installed
  • OR crowbar-ui-1.2.0+git.1575896697.a01a3a08-3.15 is installed
  • OR keepalived-2.0.19-3.6 is installed
  • OR mariadb-10.2.31-4.17 is installed
  • OR mariadb-client-10.2.31-4.17 is installed
  • OR mariadb-errormessages-10.2.31-4.17 is installed
  • OR mariadb-galera-10.2.31-4.17 is installed
  • OR mariadb-tools-10.2.31-4.17 is installed
  • OR openstack-cinder-11.2.3~dev23-3.24 is installed
  • OR openstack-cinder-api-11.2.3~dev23-3.24 is installed
  • OR openstack-cinder-backup-11.2.3~dev23-3.24 is installed
  • OR openstack-cinder-doc-11.2.3~dev23-3.24 is installed
  • OR openstack-cinder-scheduler-11.2.3~dev23-3.24 is installed
  • OR openstack-cinder-volume-11.2.3~dev23-3.24 is installed
  • OR openstack-dashboard-12.0.5~dev2-3.23 is installed
  • OR openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14 is installed
  • OR openstack-heat-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-api-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-api-cfn-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-api-cloudwatch-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-doc-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-engine-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27 is installed
  • OR openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12 is installed
  • OR openstack-heat-test-9.0.8~dev22-3.27 is installed
  • OR openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9 is installed
  • OR openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14 is installed
  • OR openstack-ironic-9.1.8~dev8-3.24 is installed
  • OR openstack-ironic-api-9.1.8~dev8-3.24 is installed
  • OR openstack-ironic-conductor-9.1.8~dev8-3.24 is installed
  • OR openstack-ironic-doc-9.1.8~dev8-3.24 is installed
  • OR openstack-keystone-12.0.4~dev5-5.30 is installed
  • OR openstack-keystone-doc-12.0.4~dev5-5.30 is installed
  • OR openstack-monasca-agent-2.2.5~dev5-3.15 is installed
  • OR openstack-neutron-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-dhcp-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-doc-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-gbp-7.3.1~dev72-3.12 is installed
  • OR openstack-neutron-ha-tool-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-l3-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-macvtap-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-metadata-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-metering-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-server-11.0.9~dev60-3.27 is installed
  • OR openstack-neutron-vsphere-2.0.1~dev133-3.12 is installed
  • OR openstack-neutron-vsphere-doc-2.0.1~dev133-3.12 is installed
  • OR openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12 is installed
  • OR openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12 is installed
  • OR openstack-nova-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-api-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-cells-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-compute-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-conductor-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-console-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-consoleauth-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-doc-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-novncproxy-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-placement-api-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-scheduler-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-serialproxy-16.1.9~dev49-3.32 is installed
  • OR openstack-nova-vncproxy-16.1.9~dev49-3.32 is installed
  • OR openstack-octavia-1.0.6~dev3-4.21 is installed
  • OR openstack-octavia-amphora-agent-1.0.6~dev3-4.21 is installed
  • OR openstack-octavia-amphora-image-0.1.2-3.9 is installed
  • OR openstack-octavia-amphora-image-x86_64-0.1.2-3.9 is installed
  • OR openstack-octavia-api-1.0.6~dev3-4.21 is installed
  • OR openstack-octavia-health-manager-1.0.6~dev3-4.21 is installed
  • OR openstack-octavia-housekeeping-1.0.6~dev3-4.21 is installed
  • OR openstack-octavia-worker-1.0.6~dev3-4.21 is installed
  • OR openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3 is installed
  • OR openstack-sahara-7.0.5~dev4-3.12 is installed
  • OR openstack-sahara-api-7.0.5~dev4-3.12 is installed
  • OR openstack-sahara-doc-7.0.5~dev4-3.12 is installed
  • OR openstack-sahara-engine-7.0.5~dev4-3.12 is installed
  • OR openstack-trove-8.0.2~dev2-3.12 is installed
  • OR openstack-trove-api-8.0.2~dev2-3.12 is installed
  • OR openstack-trove-conductor-8.0.2~dev2-3.12 is installed
  • OR openstack-trove-doc-8.0.2~dev2-3.12 is installed
  • OR openstack-trove-guestagent-8.0.2~dev2-3.12 is installed
  • OR openstack-trove-taskmanager-8.0.2~dev2-3.12 is installed
  • OR python-cinder-11.2.3~dev23-3.24 is installed
  • OR python-congressclient-1.8.1-3.3 is installed
  • OR python-designateclient-2.7.1-3.3 is installed
  • OR python-designateclient-doc-2.7.1-3.3 is installed
  • OR python-freezegun-0.3.9-1.3 is installed
  • OR python-heat-9.0.8~dev22-3.27 is installed
  • OR python-horizon-12.0.5~dev2-3.23 is installed
  • OR python-horizon-plugin-designate-ui-5.0.3~dev2-3.9 is installed
  • OR python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14 is installed
  • OR python-ironic-9.1.8~dev8-3.24 is installed
  • OR python-ironic-lib-2.10.2-3.3 is installed
  • OR python-keystone-12.0.4~dev5-5.30 is installed
  • OR python-monasca-agent-2.2.5~dev5-3.15 is installed
  • OR python-networking-cisco-6.1.1~dev65-3.3 is installed
  • OR python-networking-vsphere-2.0.1~dev133-3.12 is installed
  • OR python-neutron-11.0.9~dev60-3.27 is installed
  • OR python-neutron-gbp-7.3.1~dev72-3.12 is installed
  • OR python-nova-16.1.9~dev49-3.32 is installed
  • OR python-octavia-1.0.6~dev3-4.21 is installed
  • OR python-osc-lib-1.7.1-3.3 is installed
  • OR python-oslo.context-2.17.2-3.3 is installed
  • OR python-oslo.rootwrap-5.9.3-3.3 is installed
  • OR python-oslo.serialization-2.20.3-3.3 is installed
  • OR python-oslo.service-1.25.2-3.3 is installed
  • OR python-sahara-7.0.5~dev4-3.12 is installed
  • OR python-stevedore-1.25.2-3.3 is installed
  • OR python-taskflow-2.14.2-3.3 is installed
  • OR python-trove-8.0.2~dev2-3.12 is installed
  • OR ruby2.1-rubygem-crowbar-client-3.9.1-3.9 is installed
  • OR ruby2.1-rubygem-puma-2.16.0-3.3 is installed
  • OR rubygem-crowbar-client-3.9.1-3.9 is installed
  • OR rubygem-puma-2.16.0-3.3 is installed
    • BACK