Oval Definition:oval:org.opensuse.security:def:65369
Revision Date:2020-12-01Version:1
Title:Security update for libvirt (Important)
Description:



This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Security issues fixed:

- CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348)

Non security issues fixed:

- delay global firewall setup if no networks are running (bsc#1133229) - add systemd-container dependency to qemu and lxc drivers (bsc#1136109)

Family:unixClass:patch
Status:Reference(s):1111331
1133229
1134348
1135273
1136109
1141844
1142031
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-10132
CVE-2019-11091
CVE-2019-13616
CVE-2019-13626
SUSE-SU-2019:1490-1
SUSE-SU-2019:2463-1
Platform(s):SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-8.3 is installed
  • OR wireshark-plugin-libvirt-5.1.0-8.3 is installed
    • BACK