Oval Definition:oval:org.opensuse.security:def:72786
Revision Date:2020-12-01Version:1
Title:Security update for libvirt (Important)
Description:



This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Security issues fixed:

- CVE-2019-10132: Reject clients unless their UID matches the server UID (bsc#1134348)

Non security issues fixed:

- delay global firewall setup if no networks are running (bsc#1133229) - add systemd-container dependency to qemu and lxc drivers (bsc#1136109)

Family:unixClass:patch
Status:Reference(s):1111331
1133229
1134348
1135273
1136109
1163102
1163103
1163104
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-10132
CVE-2019-11091
CVE-2019-15604
CVE-2019-15605
CVE-2019-15606
SUSE-SU-2019:1490-1
SUSE-SU-2020:0454-1
Platform(s):SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-8.3 is installed
  • OR libvirt-admin-5.1.0-8.3 is installed
  • OR libvirt-bash-completion-5.1.0-8.3 is installed
  • OR libvirt-client-5.1.0-8.3 is installed
  • OR libvirt-daemon-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-interface-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-libxl-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nodedev-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-secret-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-core-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-disk-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-iscsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-logical-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-mpath-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-rbd-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-scsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-hooks-5.1.0-8.3 is installed
  • OR libvirt-daemon-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-xen-5.1.0-8.3 is installed
  • OR libvirt-devel-5.1.0-8.3 is installed
  • OR libvirt-doc-5.1.0-8.3 is installed
  • OR libvirt-lock-sanlock-5.1.0-8.3 is installed
  • OR libvirt-nss-5.1.0-8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • nodejs8-8.17.0-3.28 is installed
  • OR nodejs8-devel-8.17.0-3.28 is installed
  • OR nodejs8-docs-8.17.0-3.28 is installed
  • OR npm8-8.17.0-3.28 is installed
    • BACK