Oval Definition:oval:org.opensuse.security:def:59000
Revision Date:2020-12-01Version:1
Title:Security update for qemu (Important)
Description:

This update for qemu fixes several issues.

This security issue was fixed:

- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well.

For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature.

spec-ctrl and ssbd support is also required in the host.

This feature was added:

- Add support for block resize support for xen disks through the monitor

This non-security issue was fixed:

- bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change
Family:unixClass:patch
Status:Reference(s):1005023
1040311
1040312
1040313
1050577
1050578
1050579
1050581
1055960
1076696
1079405
1091236
1092885
1101591
1114981
1115375
1115518
1119971
1120323
1123886
1128471
1128472
1128474
1128476
1128480
1128481
1128490
1128492
1128493
1136446
1137597
1140747
1141322
1141780
1141782
1141783
1141784
1141785
1141786
1141787
1141789
1145559
1146358
1146359
1151021
1153108
1155787
1156321
1156331
1157770
1158527
1159819
1160594
1160764
1161779
1163922
1171252
1171254
1172524
CVE-2011-1018
CVE-2017-11624
CVE-2017-11625
CVE-2017-11626
CVE-2017-11627
CVE-2017-12595
CVE-2017-2518
CVE-2017-6318
CVE-2017-9208
CVE-2017-9209
CVE-2017-9210
CVE-2018-16864
CVE-2018-16865
CVE-2018-16866
CVE-2018-20856
CVE-2018-3639
CVE-2019-10220
CVE-2019-11477
CVE-2019-11478
CVE-2019-11500
CVE-2019-11745
CVE-2019-13272
CVE-2019-14835
CVE-2019-17006
CVE-2019-2745
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2842
CVE-2019-3846
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
CVE-2019-7317
CVE-2019-8675
CVE-2019-8696
CVE-2020-12653
CVE-2020-12654
CVE-2020-12861
CVE-2020-12862
CVE-2020-12863
CVE-2020-12864
CVE-2020-12865
CVE-2020-12866
CVE-2020-12867
CVE-2020-8013
SUSE-SU-2018:1362-1
SUSE-SU-2018:3066-2
SUSE-SU-2019:0135-1
SUSE-SU-2019:2036-1
SUSE-SU-2019:2454-1
SUSE-SU-2019:3050-1
SUSE-SU-2019:3057-1
SUSE-SU-2019:3261-1
SUSE-SU-2020:0545-1
SUSE-SU-2020:3125-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • xorg-x11-server-1.19.6-lp150.6 is installed
  • OR xorg-x11-server-extra-1.19.6-lp150.6 is installed
  • OR xorg-x11-server-wayland-1.19.6-lp150.6 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libu2f-host-1.1.6-lp151.2.6 is installed
  • OR libu2f-host-devel-1.1.6-lp151.2.6 is installed
  • OR libu2f-host-doc-1.1.6-lp151.2.6 is installed
  • OR libu2f-host0-1.1.6-lp151.2.6 is installed
  • OR pam_u2f-1.0.8-lp151.2.3 is installed
  • OR u2f-host-1.1.6-lp151.2.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • cups-filters-1.0.58-15.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-15.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-15.2 is installed
  • OR cups-filters-ghostscript-1.0.58-15.2 is installed
  • OR libqpdf18-7.1.1-3.3 is installed
  • OR qpdf-7.1.1-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_92-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_24-8-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • qemu-2.6.2-41.40 is installed
  • OR qemu-block-curl-2.6.2-41.40 is installed
  • OR qemu-block-rbd-2.6.2-41.40 is installed
  • OR qemu-block-ssh-2.6.2-41.40 is installed
  • OR qemu-guest-agent-2.6.2-41.40 is installed
  • OR qemu-ipxe-1.0.0-41.40 is installed
  • OR qemu-kvm-2.6.2-41.40 is installed
  • OR qemu-lang-2.6.2-41.40 is installed
  • OR qemu-ppc-2.6.2-41.40 is installed
  • OR qemu-s390-2.6.2-41.40 is installed
  • OR qemu-seabios-1.9.1-41.40 is installed
  • OR qemu-sgabios-8-41.40 is installed
  • OR qemu-tools-2.6.2-41.40 is installed
  • OR qemu-vgabios-1.9.1-41.40 is installed
  • OR qemu-x86-2.6.2-41.40 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND logwatch-7.4.3-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • ceph-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR ceph-common-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR libcephfs2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR librados2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR libradosstriper1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR librbd1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR librgw2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR python-cephfs-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR python-rados-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR python-rbd-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • OR python-rgw-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_143-94_47-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND libcares2-1.9.1-9.4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND libXfont1-1.5.1-11.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • dovecot22-2.2.31-19.17 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.17 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.17 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libgcrypt-1.6.1-16.68 is installed
  • OR libgcrypt20-1.6.1-16.68 is installed
  • OR libgcrypt20-32bit-1.6.1-16.68 is installed
  • OR libgcrypt20-hmac-1.6.1-16.68 is installed
  • OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
  • BACK