The following updates have been released for openSUSE:

openSUSE-SU-2019:1499-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
openSUSE-SU-2019:1500-1: moderate: Security update for java-1_7_0-openjdk
openSUSE-SU-2019:1501-1: moderate: Security update for php7
openSUSE-SU-2019:1503-1: moderate: Security update for php5
openSUSE-SU-2019:1505-1: important: Security update for libvirt



openSUSE-SU-2019:1499-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork

openSUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1499-1
Rating: important
References: #1114209 #1114832 #1118897 #1118898 #1118899
#1121397 #1121967 #1123013 #1128376 #1128746
#1134068
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
CVE-2019-5736 CVE-2019-6486
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 6 fixes is
now available.

Description:

This update for containerd, docker, docker-runc, go, go1.11, go1.12,
golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2019-5736: containerd: Fixing container breakout vulnerability
(bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS
vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go security release, fixing cmd/go remote command
execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal
(bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of
service (bsc#1118899).

Other changes and bug fixes:

- Update to containerd v1.2.5, which is required for v18.09.5-ce
(bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce
(bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
(bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in
certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1499=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

go-1.12-lp150.2.11.1
go-doc-1.12-lp150.2.11.1

- openSUSE Leap 15.0 (noarch):

containerd-test-1.2.5-lp150.4.14.3
docker-bash-completion-18.09.6_ce-lp150.5.17.2
docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2
docker-zsh-completion-18.09.6_ce-lp150.5.17.2

- openSUSE Leap 15.0 (x86_64):

containerd-1.2.5-lp150.4.14.3
containerd-ctr-1.2.5-lp150.4.14.3
docker-18.09.6_ce-lp150.5.17.2
docker-debuginfo-18.09.6_ce-lp150.5.17.2
docker-debugsource-18.09.6_ce-lp150.5.17.2
docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1
docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1
docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2
docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2
docker-test-18.09.6_ce-lp150.5.17.2
docker-test-debuginfo-18.09.6_ce-lp150.5.17.2
go-race-1.12-lp150.2.11.1
go1.11-1.11.9-lp150.9.3
go1.11-doc-1.11.9-lp150.9.3
go1.11-race-1.11.9-lp150.9.3
go1.12-1.12.4-lp150.2.2
go1.12-doc-1.12.4-lp150.2.2
go1.12-race-1.12.4-lp150.2.2
golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1


References:

https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://www.suse.com/security/cve/CVE-2019-5736.html
https://www.suse.com/security/cve/CVE-2019-6486.html
https://bugzilla.suse.com/1114209
https://bugzilla.suse.com/1114832
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
https://bugzilla.suse.com/1121397
https://bugzilla.suse.com/1121967
https://bugzilla.suse.com/1123013
https://bugzilla.suse.com/1128376
https://bugzilla.suse.com/1128746
https://bugzilla.suse.com/1134068

--


openSUSE-SU-2019:1500-1: moderate: Security update for java-1_7_0-openjdk

openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1500-1
Rating: moderate
References: #1122293 #1122299 #1132728 #1132729 #1132732
#1134297
Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426
CVE-2019-2602 CVE-2019-2684 CVE-2019-2698

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk fixes the following issues:

Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU)

Security issues fixed:

- CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:
Libraries) (bsc#1132728).
- CVE-2019-2684: Fixed flaw inside the RMI registry implementation
(bsc#1132732).
- CVE-2019-2698: Fixed out of bounds access flaw in the 2D component
(bsc#1132729).
- CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293).
- CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in
jmemmgr.c (bsc#1122299).
- CVE-2019-2426: Improve web server connections (bsc#1134297).

Bug fixes:

- Please check the package Changelog for detailed information.

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1500=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.221-57.1
java-1_7_0-openjdk-accessibility-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.221-57.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-debugsource-1.7.0.221-57.1
java-1_7_0-openjdk-demo-1.7.0.221-57.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-devel-1.7.0.221-57.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-headless-1.7.0.221-57.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-57.1
java-1_7_0-openjdk-src-1.7.0.221-57.1

- openSUSE Leap 42.3 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.221-57.1


References:

https://www.suse.com/security/cve/CVE-2018-11212.html
https://www.suse.com/security/cve/CVE-2019-2422.html
https://www.suse.com/security/cve/CVE-2019-2426.html
https://www.suse.com/security/cve/CVE-2019-2602.html
https://www.suse.com/security/cve/CVE-2019-2684.html
https://www.suse.com/security/cve/CVE-2019-2698.html
https://bugzilla.suse.com/1122293
https://bugzilla.suse.com/1122299
https://bugzilla.suse.com/1132728
https://bugzilla.suse.com/1132729
https://bugzilla.suse.com/1132732
https://bugzilla.suse.com/1134297

--


openSUSE-SU-2019:1501-1: moderate: Security update for php7

openSUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1501-1
Rating: moderate
References: #1132837 #1132838 #1134322
Cross-References: CVE-2019-11034 CVE-2019-11035 CVE-2019-11036

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for php7 fixes the following issues:

Security issues fixed:

- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1501=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

apache2-mod_php7-7.0.7-61.1
apache2-mod_php7-debuginfo-7.0.7-61.1
php7-7.0.7-61.1
php7-bcmath-7.0.7-61.1
php7-bcmath-debuginfo-7.0.7-61.1
php7-bz2-7.0.7-61.1
php7-bz2-debuginfo-7.0.7-61.1
php7-calendar-7.0.7-61.1
php7-calendar-debuginfo-7.0.7-61.1
php7-ctype-7.0.7-61.1
php7-ctype-debuginfo-7.0.7-61.1
php7-curl-7.0.7-61.1
php7-curl-debuginfo-7.0.7-61.1
php7-dba-7.0.7-61.1
php7-dba-debuginfo-7.0.7-61.1
php7-debuginfo-7.0.7-61.1
php7-debugsource-7.0.7-61.1
php7-devel-7.0.7-61.1
php7-dom-7.0.7-61.1
php7-dom-debuginfo-7.0.7-61.1
php7-enchant-7.0.7-61.1
php7-enchant-debuginfo-7.0.7-61.1
php7-exif-7.0.7-61.1
php7-exif-debuginfo-7.0.7-61.1
php7-fastcgi-7.0.7-61.1
php7-fastcgi-debuginfo-7.0.7-61.1
php7-fileinfo-7.0.7-61.1
php7-fileinfo-debuginfo-7.0.7-61.1
php7-firebird-7.0.7-61.1
php7-firebird-debuginfo-7.0.7-61.1
php7-fpm-7.0.7-61.1
php7-fpm-debuginfo-7.0.7-61.1
php7-ftp-7.0.7-61.1
php7-ftp-debuginfo-7.0.7-61.1
php7-gd-7.0.7-61.1
php7-gd-debuginfo-7.0.7-61.1
php7-gettext-7.0.7-61.1
php7-gettext-debuginfo-7.0.7-61.1
php7-gmp-7.0.7-61.1
php7-gmp-debuginfo-7.0.7-61.1
php7-iconv-7.0.7-61.1
php7-iconv-debuginfo-7.0.7-61.1
php7-imap-7.0.7-61.1
php7-imap-debuginfo-7.0.7-61.1
php7-intl-7.0.7-61.1
php7-intl-debuginfo-7.0.7-61.1
php7-json-7.0.7-61.1
php7-json-debuginfo-7.0.7-61.1
php7-ldap-7.0.7-61.1
php7-ldap-debuginfo-7.0.7-61.1
php7-mbstring-7.0.7-61.1
php7-mbstring-debuginfo-7.0.7-61.1
php7-mcrypt-7.0.7-61.1
php7-mcrypt-debuginfo-7.0.7-61.1
php7-mysql-7.0.7-61.1
php7-mysql-debuginfo-7.0.7-61.1
php7-odbc-7.0.7-61.1
php7-odbc-debuginfo-7.0.7-61.1
php7-opcache-7.0.7-61.1
php7-opcache-debuginfo-7.0.7-61.1
php7-openssl-7.0.7-61.1
php7-openssl-debuginfo-7.0.7-61.1
php7-pcntl-7.0.7-61.1
php7-pcntl-debuginfo-7.0.7-61.1
php7-pdo-7.0.7-61.1
php7-pdo-debuginfo-7.0.7-61.1
php7-pgsql-7.0.7-61.1
php7-pgsql-debuginfo-7.0.7-61.1
php7-phar-7.0.7-61.1
php7-phar-debuginfo-7.0.7-61.1
php7-posix-7.0.7-61.1
php7-posix-debuginfo-7.0.7-61.1
php7-pspell-7.0.7-61.1
php7-pspell-debuginfo-7.0.7-61.1
php7-readline-7.0.7-61.1
php7-readline-debuginfo-7.0.7-61.1
php7-shmop-7.0.7-61.1
php7-shmop-debuginfo-7.0.7-61.1
php7-snmp-7.0.7-61.1
php7-snmp-debuginfo-7.0.7-61.1
php7-soap-7.0.7-61.1
php7-soap-debuginfo-7.0.7-61.1
php7-sockets-7.0.7-61.1
php7-sockets-debuginfo-7.0.7-61.1
php7-sqlite-7.0.7-61.1
php7-sqlite-debuginfo-7.0.7-61.1
php7-sysvmsg-7.0.7-61.1
php7-sysvmsg-debuginfo-7.0.7-61.1
php7-sysvsem-7.0.7-61.1
php7-sysvsem-debuginfo-7.0.7-61.1
php7-sysvshm-7.0.7-61.1
php7-sysvshm-debuginfo-7.0.7-61.1
php7-tidy-7.0.7-61.1
php7-tidy-debuginfo-7.0.7-61.1
php7-tokenizer-7.0.7-61.1
php7-tokenizer-debuginfo-7.0.7-61.1
php7-wddx-7.0.7-61.1
php7-wddx-debuginfo-7.0.7-61.1
php7-xmlreader-7.0.7-61.1
php7-xmlreader-debuginfo-7.0.7-61.1
php7-xmlrpc-7.0.7-61.1
php7-xmlrpc-debuginfo-7.0.7-61.1
php7-xmlwriter-7.0.7-61.1
php7-xmlwriter-debuginfo-7.0.7-61.1
php7-xsl-7.0.7-61.1
php7-xsl-debuginfo-7.0.7-61.1
php7-zip-7.0.7-61.1
php7-zip-debuginfo-7.0.7-61.1
php7-zlib-7.0.7-61.1
php7-zlib-debuginfo-7.0.7-61.1

- openSUSE Leap 42.3 (noarch):

php7-pear-7.0.7-61.1
php7-pear-Archive_Tar-7.0.7-61.1


References:

https://www.suse.com/security/cve/CVE-2019-11034.html
https://www.suse.com/security/cve/CVE-2019-11035.html
https://www.suse.com/security/cve/CVE-2019-11036.html
https://bugzilla.suse.com/1132837
https://bugzilla.suse.com/1132838
https://bugzilla.suse.com/1134322

--


openSUSE-SU-2019:1503-1: moderate: Security update for php5

openSUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1503-1
Rating: moderate
References: #1128883 #1128886 #1128887 #1128889 #1128892
#1132837 #1132838 #1134322
Cross-References: CVE-2019-11034 CVE-2019-11035 CVE-2019-11036
CVE-2019-9637 CVE-2019-9638 CVE-2019-9639
CVE-2019-9640 CVE-2019-9675
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si()
(bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value()
(bsc#1132837).
- CVE-2019-9637: Fixed a potential information disclosure in rename()
(bsc#1128892).
- CVE-2019-9675: Fixed a potential buffer overflow in
phar_tar_writeheaders_int() (bsc#1128886).
- CVE-2019-9638: Fixed an uninitialized read in
exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889).
- CVE-2019-9639: Fixed an uninitialized read in
exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887).
- CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn()
(bsc#1128883).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function
leading to information disclosure (bsc#1134322).

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1503=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

apache2-mod_php5-5.5.14-118.1
apache2-mod_php5-debuginfo-5.5.14-118.1
php5-5.5.14-118.1
php5-bcmath-5.5.14-118.1
php5-bcmath-debuginfo-5.5.14-118.1
php5-bz2-5.5.14-118.1
php5-bz2-debuginfo-5.5.14-118.1
php5-calendar-5.5.14-118.1
php5-calendar-debuginfo-5.5.14-118.1
php5-ctype-5.5.14-118.1
php5-ctype-debuginfo-5.5.14-118.1
php5-curl-5.5.14-118.1
php5-curl-debuginfo-5.5.14-118.1
php5-dba-5.5.14-118.1
php5-dba-debuginfo-5.5.14-118.1
php5-debuginfo-5.5.14-118.1
php5-debugsource-5.5.14-118.1
php5-devel-5.5.14-118.1
php5-dom-5.5.14-118.1
php5-dom-debuginfo-5.5.14-118.1
php5-enchant-5.5.14-118.1
php5-enchant-debuginfo-5.5.14-118.1
php5-exif-5.5.14-118.1
php5-exif-debuginfo-5.5.14-118.1
php5-fastcgi-5.5.14-118.1
php5-fastcgi-debuginfo-5.5.14-118.1
php5-fileinfo-5.5.14-118.1
php5-fileinfo-debuginfo-5.5.14-118.1
php5-firebird-5.5.14-118.1
php5-firebird-debuginfo-5.5.14-118.1
php5-fpm-5.5.14-118.1
php5-fpm-debuginfo-5.5.14-118.1
php5-ftp-5.5.14-118.1
php5-ftp-debuginfo-5.5.14-118.1
php5-gd-5.5.14-118.1
php5-gd-debuginfo-5.5.14-118.1
php5-gettext-5.5.14-118.1
php5-gettext-debuginfo-5.5.14-118.1
php5-gmp-5.5.14-118.1
php5-gmp-debuginfo-5.5.14-118.1
php5-iconv-5.5.14-118.1
php5-iconv-debuginfo-5.5.14-118.1
php5-imap-5.5.14-118.1
php5-imap-debuginfo-5.5.14-118.1
php5-intl-5.5.14-118.1
php5-intl-debuginfo-5.5.14-118.1
php5-json-5.5.14-118.1
php5-json-debuginfo-5.5.14-118.1
php5-ldap-5.5.14-118.1
php5-ldap-debuginfo-5.5.14-118.1
php5-mbstring-5.5.14-118.1
php5-mbstring-debuginfo-5.5.14-118.1
php5-mcrypt-5.5.14-118.1
php5-mcrypt-debuginfo-5.5.14-118.1
php5-mssql-5.5.14-118.1
php5-mssql-debuginfo-5.5.14-118.1
php5-mysql-5.5.14-118.1
php5-mysql-debuginfo-5.5.14-118.1
php5-odbc-5.5.14-118.1
php5-odbc-debuginfo-5.5.14-118.1
php5-opcache-5.5.14-118.1
php5-opcache-debuginfo-5.5.14-118.1
php5-openssl-5.5.14-118.1
php5-openssl-debuginfo-5.5.14-118.1
php5-pcntl-5.5.14-118.1
php5-pcntl-debuginfo-5.5.14-118.1
php5-pdo-5.5.14-118.1
php5-pdo-debuginfo-5.5.14-118.1
php5-pgsql-5.5.14-118.1
php5-pgsql-debuginfo-5.5.14-118.1
php5-phar-5.5.14-118.1
php5-phar-debuginfo-5.5.14-118.1
php5-posix-5.5.14-118.1
php5-posix-debuginfo-5.5.14-118.1
php5-pspell-5.5.14-118.1
php5-pspell-debuginfo-5.5.14-118.1
php5-readline-5.5.14-118.1
php5-readline-debuginfo-5.5.14-118.1
php5-shmop-5.5.14-118.1
php5-shmop-debuginfo-5.5.14-118.1
php5-snmp-5.5.14-118.1
php5-snmp-debuginfo-5.5.14-118.1
php5-soap-5.5.14-118.1
php5-soap-debuginfo-5.5.14-118.1
php5-sockets-5.5.14-118.1
php5-sockets-debuginfo-5.5.14-118.1
php5-sqlite-5.5.14-118.1
php5-sqlite-debuginfo-5.5.14-118.1
php5-suhosin-5.5.14-118.1
php5-suhosin-debuginfo-5.5.14-118.1
php5-sysvmsg-5.5.14-118.1
php5-sysvmsg-debuginfo-5.5.14-118.1
php5-sysvsem-5.5.14-118.1
php5-sysvsem-debuginfo-5.5.14-118.1
php5-sysvshm-5.5.14-118.1
php5-sysvshm-debuginfo-5.5.14-118.1
php5-tidy-5.5.14-118.1
php5-tidy-debuginfo-5.5.14-118.1
php5-tokenizer-5.5.14-118.1
php5-tokenizer-debuginfo-5.5.14-118.1
php5-wddx-5.5.14-118.1
php5-wddx-debuginfo-5.5.14-118.1
php5-xmlreader-5.5.14-118.1
php5-xmlreader-debuginfo-5.5.14-118.1
php5-xmlrpc-5.5.14-118.1
php5-xmlrpc-debuginfo-5.5.14-118.1
php5-xmlwriter-5.5.14-118.1
php5-xmlwriter-debuginfo-5.5.14-118.1
php5-xsl-5.5.14-118.1
php5-xsl-debuginfo-5.5.14-118.1
php5-zip-5.5.14-118.1
php5-zip-debuginfo-5.5.14-118.1
php5-zlib-5.5.14-118.1
php5-zlib-debuginfo-5.5.14-118.1

- openSUSE Leap 42.3 (noarch):

php5-pear-5.5.14-118.1


References:

https://www.suse.com/security/cve/CVE-2019-11034.html
https://www.suse.com/security/cve/CVE-2019-11035.html
https://www.suse.com/security/cve/CVE-2019-11036.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892
https://bugzilla.suse.com/1132837
https://bugzilla.suse.com/1132838
https://bugzilla.suse.com/1134322

--


openSUSE-SU-2019:1505-1: important: Security update for libvirt

openSUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1505-1
Rating: important
References: #1111331 #1135273
Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for libvirt fixes the following issues:

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)

These updates contain the libvirt adjustments that pass through the new
'md-clear' CPU flag (bsc#1135273).

For more information on this set of vulnerabilities, check out
https://www.suse.com/support/kb/doc/?id=7023736

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1505=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

libvirt-4.0.0-lp150.7.14.1
libvirt-admin-4.0.0-lp150.7.14.1
libvirt-admin-debuginfo-4.0.0-lp150.7.14.1
libvirt-client-4.0.0-lp150.7.14.1
libvirt-client-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-4.0.0-lp150.7.14.1
libvirt-daemon-config-network-4.0.0-lp150.7.14.1
libvirt-daemon-config-nwfilter-4.0.0-lp150.7.14.1
libvirt-daemon-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-interface-4.0.0-lp150.7.14.1
libvirt-daemon-driver-interface-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-lxc-4.0.0-lp150.7.14.1
libvirt-daemon-driver-lxc-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-network-4.0.0-lp150.7.14.1
libvirt-daemon-driver-network-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-nodedev-4.0.0-lp150.7.14.1
libvirt-daemon-driver-nodedev-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.14.1
libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-qemu-4.0.0-lp150.7.14.1
libvirt-daemon-driver-qemu-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-secret-4.0.0-lp150.7.14.1
libvirt-daemon-driver-secret-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-core-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-core-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-disk-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-iscsi-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-logical-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-mpath-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-scsi-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-uml-4.0.0-lp150.7.14.1
libvirt-daemon-driver-uml-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-vbox-4.0.0-lp150.7.14.1
libvirt-daemon-driver-vbox-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-hooks-4.0.0-lp150.7.14.1
libvirt-daemon-lxc-4.0.0-lp150.7.14.1
libvirt-daemon-qemu-4.0.0-lp150.7.14.1
libvirt-daemon-uml-4.0.0-lp150.7.14.1
libvirt-daemon-vbox-4.0.0-lp150.7.14.1
libvirt-debugsource-4.0.0-lp150.7.14.1
libvirt-devel-4.0.0-lp150.7.14.1
libvirt-doc-4.0.0-lp150.7.14.1
libvirt-libs-4.0.0-lp150.7.14.1
libvirt-libs-debuginfo-4.0.0-lp150.7.14.1
libvirt-lock-sanlock-4.0.0-lp150.7.14.1
libvirt-lock-sanlock-debuginfo-4.0.0-lp150.7.14.1
libvirt-nss-4.0.0-lp150.7.14.1
libvirt-nss-debuginfo-4.0.0-lp150.7.14.1
wireshark-plugin-libvirt-4.0.0-lp150.7.14.1
wireshark-plugin-libvirt-debuginfo-4.0.0-lp150.7.14.1

- openSUSE Leap 15.0 (x86_64):

libvirt-client-32bit-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-libxl-4.0.0-lp150.7.14.1
libvirt-daemon-driver-libxl-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-rbd-4.0.0-lp150.7.14.1
libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-lp150.7.14.1
libvirt-daemon-xen-4.0.0-lp150.7.14.1
libvirt-devel-32bit-4.0.0-lp150.7.14.1


References:

https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1135273

--