SUSE-SU-2014:0318-1: moderate: Security update for libvirt

[sle-security-updates at lists.suse.com]

   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0318-1
Rating:             moderate
References:         #817407 #857492 #858817 
Cross-References:   CVE-2013-6458 CVE-2014-1447
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available. It includes one version update.

Description:


   This update fixes the following one non-security and two
   security issues  with libvirt:

   * bnc#817407: Fixing device assignment problem with
   Broadcom 57810 NIC to Guest OS.
   * bnc#857492: qemu job usage issue in several API
   leading to libvirtd crash (CVE-2013-6458)
   * bnc#858817: denial of service with keepalive
   (CVE-2014-1447)

   Security Issue references:

   * CVE-2014-1447
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447
   >
   * CVE-2013-6458
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libvirt-8886

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libvirt-8886

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libvirt-8886

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.9]:

      libvirt-devel-1.0.5.9-0.7.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]:

      libvirt-devel-32bit-1.0.5.9-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.9]:

      libvirt-1.0.5.9-0.7.1
      libvirt-client-1.0.5.9-0.7.1
      libvirt-doc-1.0.5.9-0.7.1
      libvirt-lock-sanlock-1.0.5.9-0.7.1
      libvirt-python-1.0.5.9-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.9]:

      libvirt-client-32bit-1.0.5.9-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.9]:

      libvirt-1.0.5.9-0.7.1
      libvirt-client-1.0.5.9-0.7.1
      libvirt-doc-1.0.5.9-0.7.1
      libvirt-python-1.0.5.9-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]:

      libvirt-client-32bit-1.0.5.9-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2013-6458.html
   http://support.novell.com/security/cve/CVE-2014-1447.html
   https://bugzilla.novell.com/817407
   https://bugzilla.novell.com/857492
   https://bugzilla.novell.com/858817
   http://download.novell.com/patch/finder/?keywords=c88f0c46e6587677dfe5467186124acd