SUSE-SU-2015:0357-1: moderate: Security update for kvm and libvirt
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Feb 23 16:06:14 MST 2015
SUSE Security Update: Security update for kvm and libvirt
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0357-1
Rating: moderate
References: #843074 #852397 #878350 #879665 #897654 #897783
#899144 #899484 #900084 #904176 #905097 #907805
#908381 #910145 #911742
Cross-References: CVE-2014-3633 CVE-2014-3640 CVE-2014-3657
CVE-2014-7823 CVE-2014-7840 CVE-2014-8106
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 9 fixes is
now available. It includes two new package versions.
Description:
This collective update for KVM and libvirt provides fixes for security and
non-security issues.
kvm:
* Fix NULL pointer dereference because of uninitialized UDP socket.
(bsc#897654, CVE-2014-3640)
* Fix performance degradation after migration. (bsc#878350)
* Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag
in FS_IOC_FIEMAP ioctl. (bsc#908381)
* Add validate hex properties for qdev. (bsc#852397)
* Add boot option to do strict boot (bsc#900084)
* Add query-command-line-options QMP command. (bsc#899144)
* Fix incorrect return value of migrate_cancel. (bsc#843074)
* Fix insufficient parameter validation during ram load. (bsc#905097,
CVE-2014-7840)
* Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,
CVE-2014-8106)
libvirt:
* Fix security hole with migratable flag in dumpxml. (bsc#904176,
CVE-2014-7823)
* Fix domain deadlock. (bsc#899484, CVE-2014-3657)
* Use correct definition when looking up disk in qemu blkiotune.
(bsc#897783, CVE-2014-3633)
* Fix undefined symbol when starting virtlockd. (bsc#910145)
* Add "-boot strict" to qemu's commandline whenever possible.
(bsc#900084)
* Add support for "reboot-timeout" in qemu. (bsc#899144)
* Increase QEMU's monitor timeout to 30sec. (bsc#911742)
* Allow setting QEMU's migration max downtime any time. (bsc#879665)
Security Issues:
* CVE-2014-7823
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823>
* CVE-2014-3657
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657>
* CVE-2014-3633
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633>
* CVE-2014-3640
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640>
* CVE-2014-7840
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840>
* CVE-2014-8106
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-kvm-libvirt-201412=10222
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kvm-libvirt-201412=10222
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kvm-libvirt-201412=10222
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:
libvirt-devel-1.0.5.9-0.19.3
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]:
libvirt-devel-32bit-1.0.5.9-0.19.3
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64) [New Version: 1.0.5.9]:
libvirt-devel-1.0.5.9-0.19.6
- SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:
libvirt-1.0.5.9-0.19.3
libvirt-client-1.0.5.9-0.19.3
libvirt-doc-1.0.5.9-0.19.3
libvirt-lock-sanlock-1.0.5.9-0.19.3
libvirt-python-1.0.5.9-0.19.3
- SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64) [New Version: 1.0.5.9]:
libvirt-client-32bit-1.0.5.9-0.19.3
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
kvm-1.4.2-0.21.4
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 1.0.5.9 and 1.4.2]:
kvm-1.4.2-0.21.5
libvirt-client-32bit-1.0.5.9-0.19.5
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 1.0.5.9]:
libvirt-1.0.5.9-0.19.6
libvirt-client-1.0.5.9-0.19.6
libvirt-doc-1.0.5.9-0.19.6
libvirt-lock-sanlock-1.0.5.9-0.19.6
libvirt-python-1.0.5.9-0.19.6
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.9 and 1.4.2]:
kvm-1.4.2-0.21.4
libvirt-1.0.5.9-0.19.3
libvirt-client-1.0.5.9-0.19.3
libvirt-doc-1.0.5.9-0.19.3
libvirt-python-1.0.5.9-0.19.3
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]:
libvirt-client-32bit-1.0.5.9-0.19.3
References:
http://support.novell.com/security/cve/CVE-2014-3633.html
http://support.novell.com/security/cve/CVE-2014-3640.html
http://support.novell.com/security/cve/CVE-2014-3657.html
http://support.novell.com/security/cve/CVE-2014-7823.html
http://support.novell.com/security/cve/CVE-2014-7840.html
http://support.novell.com/security/cve/CVE-2014-8106.html
https://bugzilla.suse.com/843074
https://bugzilla.suse.com/852397
https://bugzilla.suse.com/878350
https://bugzilla.suse.com/879665
https://bugzilla.suse.com/897654
https://bugzilla.suse.com/897783
https://bugzilla.suse.com/899144
https://bugzilla.suse.com/899484
https://bugzilla.suse.com/900084
https://bugzilla.suse.com/904176
https://bugzilla.suse.com/905097
https://bugzilla.suse.com/907805
https://bugzilla.suse.com/908381
https://bugzilla.suse.com/910145
https://bugzilla.suse.com/911742
http://download.suse.com/patch/finder/?keywords=d3b9c3ae67669c31312322f9448e4225
More information about the sle-security-updates
mailing list