Security update for libvirt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1294-1 Final 1 1 2019-04-29T08:30:49Z current 2019-04-29T08:30:49Z 2019-04-29T08:30:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libvirt This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issue addressed: - cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955) - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: add new 'xenbus' controller type This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html E-Mail link for openSUSE-SU-2019:1294-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libvirt-3.3.0-24.1 libvirt-admin-3.3.0-24.1 libvirt-client-3.3.0-24.1 libvirt-daemon-3.3.0-24.1 libvirt-daemon-config-network-3.3.0-24.1 libvirt-daemon-config-nwfilter-3.3.0-24.1 libvirt-daemon-driver-interface-3.3.0-24.1 libvirt-daemon-driver-libxl-3.3.0-24.1 libvirt-daemon-driver-lxc-3.3.0-24.1 libvirt-daemon-driver-network-3.3.0-24.1 libvirt-daemon-driver-nodedev-3.3.0-24.1 libvirt-daemon-driver-nwfilter-3.3.0-24.1 libvirt-daemon-driver-qemu-3.3.0-24.1 libvirt-daemon-driver-secret-3.3.0-24.1 libvirt-daemon-driver-storage-3.3.0-24.1 libvirt-daemon-driver-storage-core-3.3.0-24.1 libvirt-daemon-driver-storage-disk-3.3.0-24.1 libvirt-daemon-driver-storage-iscsi-3.3.0-24.1 libvirt-daemon-driver-storage-logical-3.3.0-24.1 libvirt-daemon-driver-storage-mpath-3.3.0-24.1 libvirt-daemon-driver-storage-rbd-3.3.0-24.1 libvirt-daemon-driver-storage-scsi-3.3.0-24.1 libvirt-daemon-driver-uml-3.3.0-24.1 libvirt-daemon-driver-vbox-3.3.0-24.1 libvirt-daemon-hooks-3.3.0-24.1 libvirt-daemon-lxc-3.3.0-24.1 libvirt-daemon-qemu-3.3.0-24.1 libvirt-daemon-uml-3.3.0-24.1 libvirt-daemon-vbox-3.3.0-24.1 libvirt-daemon-xen-3.3.0-24.1 libvirt-devel-3.3.0-24.1 libvirt-devel-32bit-3.3.0-24.1 libvirt-doc-3.3.0-24.1 libvirt-libs-3.3.0-24.1 libvirt-lock-sanlock-3.3.0-24.1 libvirt-nss-3.3.0-24.1 libvirt-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-admin-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-client-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-config-network-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-config-nwfilter-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-interface-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-libxl-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-lxc-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-network-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-nodedev-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-nwfilter-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-qemu-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-secret-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-core-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-disk-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-iscsi-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-logical-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-mpath-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-rbd-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-storage-scsi-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-uml-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-driver-vbox-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-hooks-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-lxc-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-qemu-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-uml-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-vbox-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-daemon-xen-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-devel-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-devel-32bit-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-doc-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-libs-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-lock-sanlock-3.3.0-24.1 as a component of openSUSE Leap 42.3 libvirt-nss-3.3.0-24.1 as a component of openSUSE Leap 42.3 A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. CVE-2019-3840 openSUSE Leap 42.3:libvirt-3.3.0-24.1 openSUSE Leap 42.3:libvirt-admin-3.3.0-24.1 openSUSE Leap 42.3:libvirt-client-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-config-network-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-config-nwfilter-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-interface-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-libxl-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-lxc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-network-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-nodedev-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-nwfilter-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-qemu-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-secret-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-core-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-disk-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-iscsi-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-logical-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-mpath-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-rbd-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-scsi-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-uml-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-vbox-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-hooks-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-lxc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-qemu-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-uml-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-vbox-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-xen-3.3.0-24.1 openSUSE Leap 42.3:libvirt-devel-3.3.0-24.1 openSUSE Leap 42.3:libvirt-devel-32bit-3.3.0-24.1 openSUSE Leap 42.3:libvirt-doc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-libs-3.3.0-24.1 openSUSE Leap 42.3:libvirt-lock-sanlock-3.3.0-24.1 openSUSE Leap 42.3:libvirt-nss-3.3.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html https://www.suse.com/security/cve/CVE-2019-3840.html CVE-2019-3840 https://bugzilla.suse.com/1127458 SUSE Bug 1127458 An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. CVE-2019-3886 openSUSE Leap 42.3:libvirt-3.3.0-24.1 openSUSE Leap 42.3:libvirt-admin-3.3.0-24.1 openSUSE Leap 42.3:libvirt-client-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-config-network-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-config-nwfilter-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-interface-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-libxl-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-lxc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-network-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-nodedev-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-nwfilter-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-qemu-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-secret-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-core-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-disk-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-iscsi-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-logical-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-mpath-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-rbd-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-storage-scsi-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-uml-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-driver-vbox-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-hooks-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-lxc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-qemu-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-uml-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-vbox-3.3.0-24.1 openSUSE Leap 42.3:libvirt-daemon-xen-3.3.0-24.1 openSUSE Leap 42.3:libvirt-devel-3.3.0-24.1 openSUSE Leap 42.3:libvirt-devel-32bit-3.3.0-24.1 openSUSE Leap 42.3:libvirt-doc-3.3.0-24.1 openSUSE Leap 42.3:libvirt-libs-3.3.0-24.1 openSUSE Leap 42.3:libvirt-lock-sanlock-3.3.0-24.1 openSUSE Leap 42.3:libvirt-nss-3.3.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html https://www.suse.com/security/cve/CVE-2019-3886.html CVE-2019-3886 https://bugzilla.suse.com/1131595 SUSE Bug 1131595 https://bugzilla.suse.com/1133150 SUSE Bug 1133150 https://bugzilla.suse.com/1138301 SUSE Bug 1138301