SUSE-SU-2015:0357-1: moderate: Security update for kvm and libvirt

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Feb 23 16:06:14 MST 2015


   SUSE Security Update: Security update for kvm and libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0357-1
Rating:             moderate
References:         #843074 #852397 #878350 #879665 #897654 #897783 
                    #899144 #899484 #900084 #904176 #905097 #907805 
                    #908381 #910145 #911742 
Cross-References:   CVE-2014-3633 CVE-2014-3640 CVE-2014-3657
                    CVE-2014-7823 CVE-2014-7840 CVE-2014-8106
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 9 fixes is
   now available. It includes two new package versions.

Description:


   This collective update for KVM and libvirt provides fixes for security and
   non-security issues.

   kvm:

       * Fix NULL pointer dereference because of uninitialized UDP socket.
         (bsc#897654, CVE-2014-3640)
       * Fix performance degradation after migration. (bsc#878350)
       * Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag
         in FS_IOC_FIEMAP ioctl. (bsc#908381)
       * Add validate hex properties for qdev. (bsc#852397)
       * Add boot option to do strict boot (bsc#900084)
       * Add query-command-line-options QMP command. (bsc#899144)
       * Fix incorrect return value of migrate_cancel. (bsc#843074)
       * Fix insufficient parameter validation during ram load. (bsc#905097,
         CVE-2014-7840)
       * Fix insufficient blit region checks in qemu/cirrus. (bsc#907805,
         CVE-2014-8106)

   libvirt:

       * Fix security hole with migratable flag in dumpxml. (bsc#904176,
         CVE-2014-7823)
       * Fix domain deadlock. (bsc#899484, CVE-2014-3657)
       * Use correct definition when looking up disk in qemu blkiotune.
         (bsc#897783, CVE-2014-3633)
       * Fix undefined symbol when starting virtlockd. (bsc#910145)
       * Add "-boot strict" to qemu's commandline whenever possible.
         (bsc#900084)
       * Add support for "reboot-timeout" in qemu. (bsc#899144)
       * Increase QEMU's monitor timeout to 30sec. (bsc#911742)
       * Allow setting QEMU's migration max downtime any time. (bsc#879665)

   Security Issues:

       * CVE-2014-7823
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823>
       * CVE-2014-3657
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657>
       * CVE-2014-3633
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633>
       * CVE-2014-3640
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640>
       * CVE-2014-7840
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840>
       * CVE-2014-8106
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-kvm-libvirt-201412=10222

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kvm-libvirt-201412=10222

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kvm-libvirt-201412=10222

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:

      libvirt-devel-1.0.5.9-0.19.3

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]:

      libvirt-devel-32bit-1.0.5.9-0.19.3

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64) [New Version: 1.0.5.9]:

      libvirt-devel-1.0.5.9-0.19.6

   - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]:

      libvirt-1.0.5.9-0.19.3
      libvirt-client-1.0.5.9-0.19.3
      libvirt-doc-1.0.5.9-0.19.3
      libvirt-lock-sanlock-1.0.5.9-0.19.3
      libvirt-python-1.0.5.9-0.19.3

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64) [New Version: 1.0.5.9]:

      libvirt-client-32bit-1.0.5.9-0.19.3

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 1.4.2]:

      kvm-1.4.2-0.21.4

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 1.0.5.9 and 1.4.2]:

      kvm-1.4.2-0.21.5
      libvirt-client-32bit-1.0.5.9-0.19.5

   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 1.0.5.9]:

      libvirt-1.0.5.9-0.19.6
      libvirt-client-1.0.5.9-0.19.6
      libvirt-doc-1.0.5.9-0.19.6
      libvirt-lock-sanlock-1.0.5.9-0.19.6
      libvirt-python-1.0.5.9-0.19.6

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.9 and 1.4.2]:

      kvm-1.4.2-0.21.4
      libvirt-1.0.5.9-0.19.3
      libvirt-client-1.0.5.9-0.19.3
      libvirt-doc-1.0.5.9-0.19.3
      libvirt-python-1.0.5.9-0.19.3

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]:

      libvirt-client-32bit-1.0.5.9-0.19.3


References:

   http://support.novell.com/security/cve/CVE-2014-3633.html
   http://support.novell.com/security/cve/CVE-2014-3640.html
   http://support.novell.com/security/cve/CVE-2014-3657.html
   http://support.novell.com/security/cve/CVE-2014-7823.html
   http://support.novell.com/security/cve/CVE-2014-7840.html
   http://support.novell.com/security/cve/CVE-2014-8106.html
   https://bugzilla.suse.com/843074
   https://bugzilla.suse.com/852397
   https://bugzilla.suse.com/878350
   https://bugzilla.suse.com/879665
   https://bugzilla.suse.com/897654
   https://bugzilla.suse.com/897783
   https://bugzilla.suse.com/899144
   https://bugzilla.suse.com/899484
   https://bugzilla.suse.com/900084
   https://bugzilla.suse.com/904176
   https://bugzilla.suse.com/905097
   https://bugzilla.suse.com/907805
   https://bugzilla.suse.com/908381
   https://bugzilla.suse.com/910145
   https://bugzilla.suse.com/911742
   http://download.suse.com/patch/finder/?keywords=d3b9c3ae67669c31312322f9448e4225



More information about the sle-updates mailing list